Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9397B926A331589D0B25C1576B41F399C3D00F60E62ACC0BF739BEA5D9739F34
HistoryOct 18, 2019 - 3:10 a.m.

Security Bulletin: IBM Netezza SQL Extensions is vulnerable to an OpenSource PCRE Vulnerability (CVE-2016-1283, CVE-2016-3191)

2019-10-1803:10:29
www.ibm.com
14

0.151 Low

EPSS

Percentile

95.9%

JSON

Summary

Open Source PCRE is used by IBM Netezza SQL Extensions. IBM Netezza SQL Extensions has addressed the applicable CVEs

Vulnerability Details

CVEID: CVE-2016-1283**
DESCRIPTION:** PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of patterns by the pcre_compile2() function. By using a specially crafted regular expression, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109363 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-3191**
DESCRIPTION:** PCRE and PCRE2 are vulnerable to a stack-based buffer overflow, caused by the improper handling of the (ACCEPT) substring by the compile_branch function in pcre_compile.c. By using a specially-crafted regular expression, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111583 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Netezza SQL Extensions Toolkit 7.2.1.1 (and prior releases)

Remediation/Fixes

IBM Netezza SQL Extensions Toolkit

| 7.2.1.3| https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.2.1.3-IM-Netezza-SQLEXT-fp110503&continue=1
—|—|—

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm puredata systemeq1.0.0

Related

mageia 3
openvas 37
seebug 2
cvelist 4
f5 7
nessus 56
alpinelinux 2
slackware 3
fedora 11
osv 4
cve 4
talos 2
ubuntucve 4
altlinux 3
debiancve 4
prion 4
nvd 4
veracode 3
zdi 1
freebsd 4
ibm 10
amazon 4
archlinux 1
redhatcve 1
oraclelinux 3
redhat 3
centos 2
symantec 1
freebsd_advisory 1
ubuntu 1
debian 2
suse 4
arista 1
cisco 1
fortinet 1
ics 1
mageia
mageia
Updated pcre packages fix security vulnerabilities
2016-05-24 01:00:58
Updated ntp packages fix security vulnerabilities
2016-05-14 00:54:49
Updated ntp packages fix security vulnerability
2016-06-08 00:39:50
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0204)
2022-01-28 00:00:00
Fedora Update for php FEDORA-2017-0af85ae851
2017-11-08 00:00:00
Slackware: Security Advisory (SSA:2017-300-01)
2022-04-21 00:00:00
seebug
seebug
Network Time Protocol Forced Interleaved Time Spoofing Vulnerability(CVE-2016-1548)
2017-10-26 00:00:00
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)
2017-10-11 00:00:00
cvelist
cvelist
CVE-2016-1548
2017-01-06 21:00:00
CVE-2016-1283
2016-01-03 00:00:00
CVE-2016-3191
2016-03-17 23:00:00
f5
f5
SOL51440224 - PCRE vulnerability CVE-2016-3191
2016-10-12 00:00:00
SOL98009539 - PHP/PCRE vulnerability CVE-2016-1283
2016-10-07 00:00:00
K51440224 : PCRE vulnerability CVE-2016-3191
2016-10-12 00:00:00
nessus
nessus
FreeBSD : pcre -- stack buffer overflow (7033b42d-ef09-11e5-b766-14dae9d210b8)
2016-03-21 00:00:00
openSUSE Security Update : pcre2 (openSUSE-2016-966)
2016-08-16 00:00:00
Fedora 23 : pcre-8.38-6.fc23 (2016-65833b5dbc)
2016-03-04 00:00:00
alpinelinux
alpinelinux
CVE-2016-3191
2016-03-17 23:59:01
CVE-2016-1283
2016-01-03 00:59:03
slackware
slackware
[slackware-security] php
2017-10-27 20:55:24
[slackware-security] pcre
2016-06-20 21:53:15
[slackware-security] ntp
2016-04-29 21:57:25
fedora
fedora
[SECURITY] Fedora 26 Update: php-7.1.11-1.fc26
2017-11-07 22:21:20
[SECURITY] Fedora 23 Update: pcre-8.38-6.fc23
2016-03-02 01:52:19
[SECURITY] Fedora 22 Update: pcre-8.38-3.fc22
2016-03-16 01:52:51
osv
osv
CVE-2016-1283
2016-01-03 00:59:00
CVE-2016-3191
2016-03-17 23:59:00
ntp - security update
2016-07-25 00:00:00
cve
cve
CVE-2016-1283
2016-01-03 00:59:03
CVE-2016-3191
2016-03-17 23:59:01
CVE-2016-1548
2017-01-06 21:59:00
talos
talos
Network Time Protocol Forced Interleaved Time Spoofing Vulnerability
2016-04-26 00:00:00
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability
2016-11-21 00:00:00
ubuntucve
ubuntucve
CVE-2016-1548
2016-04-29 00:00:00
CVE-2016-3191
2016-03-17 00:00:00
CVE-2016-1283
2016-01-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package php7 version 7.1.11-alt1
2017-11-03 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.1.11-alt1
2017-11-03 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 7.1.11-alt1
2017-11-03 00:00:00
debiancve
debiancve
CVE-2016-1283
2016-01-03 00:59:03
CVE-2016-3191
2016-03-17 23:59:01
CVE-2016-1548
2017-01-06 21:59:00
prion
prion
Stack overflow
2016-03-17 23:59:00
Code injection
2017-01-06 21:59:00
Heap overflow
2016-01-03 00:59:00
nvd
nvd
CVE-2016-3191
2016-03-17 23:59:01
CVE-2016-1548
2017-01-06 21:59:00
CVE-2016-1283
2016-01-03 00:59:03
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:34:23
Denial Of Service (DoS)
2019-05-02 05:34:23
Denial Of Service (DoS)
2019-05-02 05:34:28
zdi
zdi
PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability
2016-08-17 00:00:00
freebsd
freebsd
pcre -- stack buffer overflow
2016-02-09 00:00:00
pcre -- heap overflow vulnerability
2016-02-27 00:00:00
PHP -- denial of service attack
2017-10-26 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in PCRE affects IBM Tivoli Network Manager IP Edition (CVE-2016-1283)
2018-06-17 15:29:28
Security Bulletin: Multiple vulnerabilities in PCRE library affect IBM Tealeaf Customer Experience
2018-06-16 20:03:39
Security Bulletin: Vulnerabilities in NTP affect Power Hardware Management Console
2021-09-23 01:31:39
amazon
amazon
Important: php56, php70, php71
2017-11-15 20:05:00
Important: pcre
2018-09-05 20:42:00
Medium: ntp
2016-06-02 18:06:00
archlinux
archlinux
pcre: arbitrary code execution
2016-03-13 00:00:00
redhatcve
redhatcve
CVE-2016-4956
2016-06-02 13:49:28
oraclelinux
oraclelinux
ntp security update
2016-05-31 00:00:00
pcre security update
2016-05-11 00:00:00
ntp security update
2017-10-26 00:00:00
redhat
redhat
(RHSA-2016:1552) Moderate: ntp security update
2016-08-03 04:36:58
(RHSA-2016:1141) Moderate: ntp security update
2016-05-31 05:04:27
(RHSA-2016:1025) Important: pcre security update
2016-05-11 11:17:05
centos
centos
ntp, ntpdate, sntp security update
2016-05-31 10:58:56
pcre security update
2016-05-13 00:44:08
symantec
symantec
SA128 : Multiple PCRE Vulnerabilities
2016-07-07 08:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:16.ntp
2016-04-29 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2016-03-29 00:00:00
debian
debian
[SECURITY] [DSA 3629-1] ntp security update
2016-07-25 21:15:32
[SECURITY] [DLA 559-1] ntp security update
2016-07-25 21:37:14
suse
suse
Security update for ntp (important)
2016-05-18 14:10:13
Security update for ntp (important)
2016-05-12 20:09:15
Security update for ntp (important)
2016-05-11 18:08:42
arista
arista
Security Advisory 0019
2018-04-25 00:00:00
cisco
cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
2016-04-28 09:00:00
fortinet
fortinet
ntp-4.2.8p7 Security Vulnerability Announcement April 2016
2017-04-03 00:00:00
ics
ics
Siemens TIM 4R-IE Devices
2021-04-13 12:00:00

0.151 Low

EPSS

Percentile

95.9%

JSON
Related for 9397B926A331589D0B25C1576B41F399C3D00F60E62ACC0BF739BEA5D9739F34
mageia3openvas37seebug2cvelist4f57nessus56alpinelinux2slackware3fedora11osv4cve4talos2ubuntucve4altlinux3debiancve4prion4nvd4veracode3zdi1freebsd4ibm10amazon4archlinux1redhatcve1oraclelinux3redhat3centos2symantec1freebsd_advisory1ubuntu1debian2suse4arista1cisco1fortinet1ics1