CVE-2016-10253

Severity: critical
Published 2017-03-18 · Modified 2026-05-13
CVSS v3: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v4: not yet in upstream
VIR risk: 9.8

Description

An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.

Predictions

Exploit likelihood: 97%
Patch ETA: -

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

OS impact

SUSE: Affected (1 release)
Version    Status     Fixed in
-          Affected   -

Debian: Fixed (5 releases)
Version    Status     Fixed in
trixie     Fixed      1:19.2.1+dfsg-2
sid        Fixed      1:19.2.1+dfsg-2
forky      Fixed      1:19.2.1+dfsg-2
bullseye   Fixed      1:19.2.1+dfsg-2
bookworm   Fixed      1:19.2.1+dfsg-2

Application impact

Vendor   Product      Versions    Fixed
erlang   erlang/otp   18.0
erlang   erlang/otp   18.0.1
erlang   erlang/otp   18.0.2
erlang   erlang/otp   18.0.3
erlang   erlang/otp   18.1
erlang   erlang/otp   18.1.1
erlang   erlang/otp   18.1.2
erlang   erlang/otp   18.1.3
erlang   erlang/otp   18.1.4
erlang   erlang/otp   18.1.5
erlang   erlang/otp   18.2
erlang   erlang/otp   18.2.1
erlang   erlang/otp   18.2.2
erlang   erlang/otp   18.2.3
erlang   erlang/otp   18.2.4
erlang   erlang/otp   18.2.4.1
erlang   erlang/otp   18.3
erlang   erlang/otp   18.3.1
erlang   erlang/otp   18.3.2
erlang   erlang/otp   18.3.3
erlang   erlang/otp   18.3.4
erlang   erlang/otp   18.3.4.1
erlang   erlang/otp   18.3.4.2
erlang   erlang/otp   18.3.4.3
erlang   erlang/otp   18.3.4.4
erlang   erlang/otp   18.3.4.5
erlang   erlang/otp   19.0
erlang   erlang/otp   19.0.1
erlang   erlang/otp   19.0.2
erlang   erlang/otp   19.0.3
erlang   erlang/otp   19.0.4
erlang   erlang/otp   19.0.5
erlang   erlang/otp   19.0.6
erlang   erlang/otp   19.0.7
erlang   erlang/otp   19.1
erlang   erlang/otp   19.1.1
erlang   erlang/otp   19.1.2
erlang   erlang/otp   19.1.3
erlang   erlang/otp   19.1.4
erlang   erlang/otp   19.1.5
erlang   erlang/otp   19.1.6
erlang   erlang/otp   19.1.6.1
erlang   erlang/otp   19.2
erlang   erlang/otp   19.2.1
erlang   erlang/otp   19.2.2
erlang   erlang/otp   19.2.3
erlang   erlang/otp   19.2.3.1
erlang   erlang/otp   19.3
erlang   erlang/otp   19.3.1
erlang   erlang/otp   19.3.2
erlang   erlang/otp   19.3.3
erlang   erlang/otp   19.3.4
erlang   erlang/otp   19.3.5
erlang   erlang/otp   19.3.6
erlang   erlang/otp   19.3.6.1
erlang   erlang/otp   19.3.6.2
erlang   erlang/otp   19.3.6.3
erlang   erlang/otp   19.3.6.4
erlang   erlang/otp   19.3.6.5
erlang   erlang/otp   19.3.6.6
erlang   erlang/otp   19.3.6.7
erlang   erlang/otp   19.3.6.8
erlang   erlang/otp   19.3.6.9

CWEs

CWE-119
