CVE-2017-11164

CVE Details

Visit the official vulnerability details page for CVE-2017-11164 to learn more.

Initial Publication

10/25/2024

Last Update

08/06/2025

Third Party Dependency

libpcre3

NIST CVE Summary

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

CVE Severity

7.5

Our Official Summary

This vulnerability requires a crafted regular expression to exploit in PCRE (Perl Regular Controlled Expressions). Risk of exploitation of this vulnerability for our products is low, since accessing the match function in pcre library requires attacker to have privileged access to the containers and do not allow arbitrary code to be run on them. Impact of exploitation is also low since containers have a limited attack surface. Third party containers in which this vulnerability is reported do not have an upstream fix. We will upgrade the images once the upstream fix becomes available.

Status

Ongoing

Affected Products & Versions

Version	Palette Enterprise	Palette Enterprise Airgap	VerteX	VerteX Airgap
4.7.16	⚠️ Impacted	✅ No Impact	⚠️ Impacted	⚠️ Impacted
4.6.41	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted
4.5.22	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted
4.4.20	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​