CVE-2016-10253
high-risk
Published 2017-03-18
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
Do I need to act?
-
0.51% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (4)
Third Party Advisory
https://github.com/erlang/otp/pull/1108
Third Party Advisory
https://usn.ubuntu.com/3571-1/
Third Party Advisory
https://github.com/erlang/otp/pull/1108
Third Party Advisory
https://usn.ubuntu.com/3571-1/
61
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
27/34 · High