CVE-2017-8399: Improper Restriction of Operations within the Bounds of a Memory Buffer

May 1, 2017 (updated August 28, 2018)

PCRE2 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a “pattern with very many captures.”

References

nvd.nist.gov/vuln/detail/CVE-2017-8399

Detect and mitigate CVE-2017-8399 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →