CVE-2016-10253 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-10253 Interim 1 15 2023-12-08T01:41:12Z current 2021-05-30T13:49:27Z 2023-12-08T01:41:12Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-10253 An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 4 SUSE OpenStack Cloud 7 SUSE Package Hub 12 erlang erlang-18.3.4.7-9.1 erlang-debugger-18.3.4.7-9.1 erlang-debugger-src-18.3.4.7-9.1 erlang-dialyzer-18.3.4.7-9.1 erlang-dialyzer-src-18.3.4.7-9.1 erlang-diameter-18.3.4.7-9.1 erlang-diameter-src-18.3.4.7-9.1 erlang-doc-18.3.4.7-9.1 erlang-epmd erlang-epmd-18.3.4.7-9.1 erlang-et-18.3.4.7-9.1 erlang-et-src-18.3.4.7-9.1 erlang-gs-18.3.4.7-9.1 erlang-gs-src-18.3.4.7-9.1 erlang-jinterface-18.3.4.7-9.1 erlang-jinterface-src-18.3.4.7-9.1 erlang-observer-18.3.4.7-9.1 erlang-observer-src-18.3.4.7-9.1 erlang-reltool-18.3.4.7-9.1 erlang-reltool-src-18.3.4.7-9.1 erlang-src-18.3.4.7-9.1 erlang-wx-18.3.4.7-9.1 erlang-wx-src-18.3.4.7-9.1 erlang-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-debugger-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-debugger-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-dialyzer-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-dialyzer-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-diameter-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-diameter-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-doc-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-epmd-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-et-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-et-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-gs-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-gs-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-jinterface-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-jinterface-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-observer-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-observer-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-reltool-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-reltool-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-wx-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang-wx-src-18.3.4.7-9.1 as a component of SUSE Package Hub 12 erlang as a component of SUSE Enterprise Storage 4 erlang-epmd as a component of SUSE Enterprise Storage 4 erlang as a component of SUSE OpenStack Cloud 7 erlang-epmd as a component of SUSE OpenStack Cloud 7 An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to. CVE-2016-10253 SUSE Package Hub 12:erlang-18.3.4.7-9.1 SUSE Package Hub 12:erlang-debugger-18.3.4.7-9.1 SUSE Package Hub 12:erlang-debugger-src-18.3.4.7-9.1 SUSE Package Hub 12:erlang-dialyzer-18.3.4.7-9.1 SUSE Package Hub 12:erlang-dialyzer-src-18.3.4.7-9.1 SUSE Package Hub 12:erlang-diameter-18.3.4.7-9.1 SUSE Package Hub 12:erlang-diameter-src-18.3.4.7-9.1 SUSE Package Hub 12:erlang-doc-18.3.4.7-9.1 SUSE Package Hub 12:erlang-epmd-18.3.4.7-9.1 SUSE Package Hub 12:erlang-et-18.3.4.7-9.1 SUSE Package Hub 12:erlang-et-src-18.3.4.7-9.1 SUSE Package Hub 12:erlang-gs-18.3.4.7-9.1 SUSE Package Hub 12:erlang-gs-src-18.3.4.7-9.1 SUSE Package Hub 12:erlang-jinterface-18.3.4.7-9.1 SUSE Package Hub 12:erlang-jinterface-src-18.3.4.7-9.1 SUSE Package Hub 12:erlang-observer-18.3.4.7-9.1 SUSE Package Hub 12:erlang-observer-src-18.3.4.7-9.1 SUSE Package Hub 12:erlang-reltool-18.3.4.7-9.1 SUSE Package Hub 12:erlang-reltool-src-18.3.4.7-9.1 SUSE Package Hub 12:erlang-src-18.3.4.7-9.1 SUSE Package Hub 12:erlang-wx-18.3.4.7-9.1 SUSE Package Hub 12:erlang-wx-src-18.3.4.7-9.1 SUSE Enterprise Storage 4:erlang SUSE Enterprise Storage 4:erlang-epmd SUSE OpenStack Cloud 7:erlang SUSE OpenStack Cloud 7:erlang-epmd low 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H