CVE-2016-10253

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.

References

https://github.com/erlang/otp/pull/1108

https://usn.ubuntu.com/3571-1/

Details

Source: MITRE

Published: 2017-03-18

Updated: 2018-07-11

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:erlang:erlang\/otp:18.0:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.0:rc1:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.0:rc2:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.0.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.0.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.0.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.1.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.1.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.1.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.1.4:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.1.5:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.2.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.2.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.2.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.2.4:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3.4:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:18.3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0:rc1:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0:rc2:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0.4:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0.5:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0.6:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.0.7:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.1.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.1.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.1.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.1.4:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.1.5:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.1.6:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.2.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.2.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.2.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.4:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.5:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6.2:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6.3:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6.4:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6.5:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6.6:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6.7:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6.8:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:19.3.6.9:*:*:*:*:*:*:*

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
136030Photon OS 1.0: Erlang PHSA-2020-1.0-0289NessusPhotonOS Local Security Checks
critical
135906Photon OS 2.0: Erlang PHSA-2020-2.0-0231NessusPhotonOS Local Security Checks
critical
106838Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : erlang vulnerabilities (USN-3571-1) (ROBOT)NessusUbuntu Local Security Checks
critical
105241openSUSE Security Update : erlang (openSUSE-2017-1358) (ROBOT)NessusSuSE Local Security Checks
critical
101719Fedora 26 : erlang (2017-cbed8f4169)NessusFedora Local Security Checks
critical
99143Fedora 25 : erlang (2017-42ebcac2b5)NessusFedora Local Security Checks
critical
99108Fedora 24 : erlang (2017-e2480c7f50)NessusFedora Local Security Checks
critical