{"id":"CVE-2016-10253","details":"An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.","modified":"2026-04-10T03:47:22.170694Z","published":"2017-03-18T20:59:00.127Z","related":["openSUSE-SU-2017:3255-1","openSUSE-SU-2017:3257-1"],"references":[{"type":"ADVISORY","url":"https://github.com/erlang/otp/pull/1108"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3571-1/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/erlang/otp","events":[{"introduced":"0"},{"last_affected":"74a95b3d511177a9b35c2b0272b9ca5511b6f750"},{"introduced":"0"},{"last_affected":"bf3b377220f2531b9b101f32222067beb3ea750b"},{"introduced":"0"},{"last_affected":"6a3e878126da1e8d75c704510c7a7339ff306138"},{"introduced":"0"},{"last_affected":"1c14bf099be15790ccbe56f464e81a9557476b3f"},{"introduced":"0"},{"last_affected":"61828f77ca2542109ece006d730a4f8fe3300616"},{"introduced":"0"},{"last_affected":"6b4c2dbd1b4a30f421611987acec6315c62ac9d5"},{"introduced":"0"},{"last_affected":"1523be48ab4071b158412f4b06fe9c8d6ba3e73c"},{"introduced":"0"},{"last_affected":"a2c538dee3013bb6285027d9ae45b7f055e8e8eb"},{"introduced":"0"},{"last_affected":"3c799a7ee5ee26f643c7ffad79c81d6156f3dac6"},{"introduced":"0"},{"last_affected":"fe1df7fc6bf050cb6c9bbd99eb9393c426b62f67"},{"introduced":"0"},{"last_affected":"9dd0c95d56ec33bde9668bb47668aa27981ea18d"},{"introduced":"0"},{"last_affected":"c24a4bf84029d06cc79f49634684cd6d2eeafb62"},{"introduced":"0"},{"last_affected":"b855206a1a7788216717ca272f44e9beb1f58e7c"},{"introduced":"0"},{"last_affected":"21d6192389a04024f7a41ced9d0911a9cce6f4e8"},{"introduced":"0"},{"last_affected":"7cf9a621c5280a3e97967c4c63ab6ca1adde69c3"},{"introduced":"0"},{"last_affected":"d96471b3f404f7341279d8598dd74d92fb1a923c"},{"introduced":"0"},{"last_affected":"d646221c59fbf57d5beac913248b46f5dbebfbe7"},{"introduced":"0"},{"last_affected":"c0540f1b946d699afbe496ab7c481d88eb9ae78b"},{"introduced":"0"},{"last_affected":"5e1b5ef47f3f2b898d30e0425823835bd9a574d4"},{"introduced":"0"},{"last_affected":"afe72bfc1448ff426c38eceb7412f69e973aef62"},{"introduced":"0"},{"last_affected":"fea24ae8d37b33e97ef1897d0d3b6cdb2338c051"},{"introduced":"0"},{"last_affected":"1ab69efa960703b86a13ea6ba96f4fd56f1565f9"},{"introduced":"0"},{"last_affected":"53e7743216647d810d529e397bd3ea7278c6047c"},{"introduced":"0"},{"last_affected":"5cf780148575f1ea4c460d7c9783831e6fbce9ff"},{"introduced":"0"},{"last_affected":"f5ef4087331c0181fd154dcaa372a05e6f8bd408"},{"introduced":"0"},{"last_affected":"e7966ef5cb0c2337a674d8cdca7c89802fa01bf6"},{"introduced":"0"},{"last_affected":"7518684155aaabdde97c7b624803523c045bc185"},{"introduced":"0"},{"last_affected":"79ea550fdf9ebd02c1932728dac509cd0d520a7c"},{"introduced":"0"},{"last_affected":"3b7a6ffddc819bf305353a593904cea9e932e7dc"},{"introduced":"0"},{"last_affected":"f68a3780fbcc836c7036b55db5ee1d0447213c8f"},{"introduced":"0"},{"last_affected":"2c9dba638a8bda92e3db2d5c07e6ba251330c7ca"},{"introduced":"0"},{"last_affected":"0573efbc18fc20f8646cf3ff64d2affd06e03cb8"},{"introduced":"0"},{"last_affected":"b490fb8664ec6e5ceaadc1c74350dc666f5406d2"},{"introduced":"0"},{"last_affected":"020d38d4c9062f255b52eeb35542152c7cff1598"},{"introduced":"0"},{"last_affected":"19db7510939149206017c925032d390da9a83fe9"},{"introduced":"0"},{"last_affected":"71894a879d6254693791585246ce340dd7414b82"},{"introduced":"0"},{"last_affected":"226a754d1f4babb262b2a15569b174921f97ad86"},{"introduced":"0"},{"last_affected":"33b39b559a31c38465dfc038218f432c9c60a9ad"},{"introduced":"0"},{"last_affected":"e6059f94571a6c968c15b9de6b7d63ebd64f9acf"},{"introduced":"0"},{"last_affected":"310b00b7fc18b5883f5f2cb1b992deb1dd6c9a65"},{"introduced":"0"},{"last_affected":"7a5356d99d8f01572b67305cc9a86446fad351e3"},{"introduced":"0"},{"last_affected":"a59807ef9a6a8af6eb6f13976eb405ddb9baad6c"},{"introduced":"0"},{"last_affected":"c1c2149818396bdefe9eff995184f8864f18fca3"},{"introduced":"0"},{"last_affected":"926391fbb8761d5833b3a6f5c9e523fcda373c6d"},{"introduced":"0"},{"last_affected":"2b41d8f318b7e5ec139d42fd2f01a132699be839"},{"introduced":"0"},{"last_affected":"6ceb840258a6faf74f63b481198ae4bf9399f2d0"},{"introduced":"0"},{"last_affected":"3473ecd83a7bbe7e0bebb865f25dddb93e3bf10f"},{"introduced":"0"},{"last_affected":"bca5bf5a2d68a0e9ca681363a8943809c4751950"},{"introduced":"0"},{"last_affected":"51faafa9a20c4afa7944b8089b26f22c774bed19"},{"introduced":"0"},{"last_affected":"aa315e1cf1b79ab782e5b4c944595495ebf4e2f4"},{"introduced":"0"},{"last_affected":"677cbdffef317aaff00f1ef7eda0e28bd88fbb96"},{"introduced":"0"},{"last_affected":"a748cafdc7063d9f181ba12088db6458793ced2f"},{"introduced":"0"},{"last_affected":"d25ad84195ca42969fbfb017a52aab8c8effc246"},{"introduced":"0"},{"last_affected":"6acb7d6fb8d23c0b0b78d30a618d2636ad463e6e"},{"introduced":"0"},{"last_affected":"0298a195873c606ac885d37f54a098eca3d7905a"},{"introduced":"0"},{"last_affected":"f954cdea9b67369185094a3aea7cb611dd680b3c"},{"introduced":"0"},{"last_affected":"87bca557898bea79dbd53d59b21f6e7384e3a25d"},{"introduced":"0"},{"last_affected":"da06fd040775fffee17409ebbd6fa797e34d6f99"},{"introduced":"0"},{"last_affected":"8d9cde83b628533ae7a5fe85a5dd9c6c00c084e3"},{"introduced":"0"},{"last_affected":"0c0d7899f869eae275a9dd2677791f34bbd25bfe"},{"introduced":"0"},{"last_affected":"2cc46961352aded5c84ecb9bcb32581461dbc047"},{"introduced":"0"},{"last_affected":"e64a1f429ec5f7534e0201fed42967aeb1aae8d8"},{"introduced":"0"},{"last_affected":"2e7160f3c28d495a8b798c5f8b484b1b977cee8e"},{"introduced":"0"},{"last_affected":"33521da61673b890bcd05eda02f38fea1fe58a30"},{"introduced":"0"},{"last_affected":"bf70d8de7a6c52cb3ba51ae3e5506d8fc31bbc69"},{"introduced":"0"},{"last_affected":"90edf69ba7acbfaa55a709fa115ce8bb782b9dc9"},{"introduced":"0"},{"last_affected":"3d0c4930775cf2ab304d5e4701b41ffc2936ce53"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"18.0"},{"introduced":"0"},{"last_affected":"18.0-rc1"},{"introduced":"0"},{"last_affected":"18.0-rc2"},{"introduced":"0"},{"last_affected":"18.0.1"},{"introduced":"0"},{"last_affected":"18.0.2"},{"introduced":"0"},{"last_affected":"18.0.3"},{"introduced":"0"},{"last_affected":"18.1"},{"introduced":"0"},{"last_affected":"18.1.1"},{"introduced":"0"},{"last_affected":"18.1.2"},{"introduced":"0"},{"last_affected":"18.1.3"},{"introduced":"0"},{"last_affected":"18.1.4"},{"introduced":"0"},{"last_affected":"18.1.5"},{"introduced":"0"},{"last_affected":"18.2"},{"introduced":"0"},{"last_affected":"18.2.1"},{"introduced":"0"},{"last_affected":"18.2.2"},{"introduced":"0"},{"last_affected":"18.2.3"},{"introduced":"0"},{"last_affected":"18.2.4"},{"introduced":"0"},{"last_affected":"18.2.4.1"},{"introduced":"0"},{"last_affected":"18.3"},{"introduced":"0"},{"last_affected":"18.3.1"},{"introduced":"0"},{"last_affected":"18.3.2"},{"introduced":"0"},{"last_affected":"18.3.3"},{"introduced":"0"},{"last_affected":"18.3.4"},{"introduced":"0"},{"last_affected":"18.3.4.1"},{"introduced":"0"},{"last_affected":"18.3.4.2"},{"introduced":"0"},{"last_affected":"18.3.4.3"},{"introduced":"0"},{"last_affected":"18.3.4.4"},{"introduced":"0"},{"last_affected":"18.3.4.5"},{"introduced":"0"},{"last_affected":"19.0"},{"introduced":"0"},{"last_affected":"19.0-rc1"},{"introduced":"0"},{"last_affected":"19.0-rc2"},{"introduced":"0"},{"last_affected":"19.0.1"},{"introduced":"0"},{"last_affected":"19.0.2"},{"introduced":"0"},{"last_affected":"19.0.3"},{"introduced":"0"},{"last_affected":"19.0.4"},{"introduced":"0"},{"last_affected":"19.0.5"},{"introduced":"0"},{"last_affected":"19.0.6"},{"introduced":"0"},{"last_affected":"19.0.7"},{"introduced":"0"},{"last_affected":"19.1"},{"introduced":"0"},{"last_affected":"19.1.1"},{"introduced":"0"},{"last_affected":"19.1.2"},{"introduced":"0"},{"last_affected":"19.1.3"},{"introduced":"0"},{"last_affected":"19.1.4"},{"introduced":"0"},{"last_affected":"19.1.5"},{"introduced":"0"},{"last_affected":"19.1.6"},{"introduced":"0"},{"last_affected":"19.1.6.1"},{"introduced":"0"},{"last_affected":"19.2"},{"introduced":"0"},{"last_affected":"19.2.1"},{"introduced":"0"},{"last_affected":"19.2.2"},{"introduced":"0"},{"last_affected":"19.2.3"},{"introduced":"0"},{"last_affected":"19.2.3.1"},{"introduced":"0"},{"last_affected":"19.3"},{"introduced":"0"},{"last_affected":"19.3.1"},{"introduced":"0"},{"last_affected":"19.3.2"},{"introduced":"0"},{"last_affected":"19.3.3"},{"introduced":"0"},{"last_affected":"19.3.4"},{"introduced":"0"},{"last_affected":"19.3.5"},{"introduced":"0"},{"last_affected":"19.3.6"},{"introduced":"0"},{"last_affected":"19.3.6.1"},{"introduced":"0"},{"last_affected":"19.3.6.2"},{"introduced":"0"},{"last_affected":"19.3.6.3"},{"introduced":"0"},{"last_affected":"19.3.6.4"},{"introduced":"0"},{"last_affected":"19.3.6.5"},{"introduced":"0"},{"last_affected":"19.3.6.6"},{"introduced":"0"},{"last_affected":"19.3.6.7"},{"introduced":"0"},{"last_affected":"19.3.6.8"},{"introduced":"0"},{"last_affected":"19.3.6.9"}]}}],"versions":["OTP-17.0","OTP-18.0","OTP-18.0-rc1","OTP-18.0-rc2","OTP-18.0.1","OTP-18.0.2","OTP-18.0.3","OTP-18.1","OTP-18.1.1","OTP-18.1.2","OTP-18.1.3","OTP-18.1.4","OTP-18.1.5","OTP-18.2","OTP-18.2.1","OTP-18.2.2","OTP-18.2.3","OTP-18.2.4","OTP-18.2.4.1","OTP-18.3","OTP-18.3.1","OTP-18.3.2","OTP-18.3.3","OTP-18.3.4","OTP-18.3.4.1","OTP-18.3.4.2","OTP-18.3.4.3","OTP-18.3.4.4","OTP-18.3.4.5","OTP-19.0","OTP-19.0-rc1","OTP-19.0-rc2","OTP-19.0.1","OTP-19.0.2","OTP-19.0.3","OTP-19.0.4","OTP-19.0.5","OTP-19.0.6","OTP-19.0.7","OTP-19.1","OTP-19.1.1","OTP-19.1.2","OTP-19.1.3","OTP-19.1.4","OTP-19.1.5","OTP-19.1.6","OTP-19.1.6.1","OTP-19.2","OTP-19.2.1","OTP-19.2.2","OTP-19.2.3","OTP-19.2.3.1","OTP-19.3","OTP-19.3.1","OTP-19.3.2","OTP-19.3.3","OTP-19.3.4","OTP-19.3.5","OTP-19.3.6","OTP-19.3.6.1","OTP-19.3.6.2","OTP-19.3.6.3","OTP-19.3.6.4","OTP-19.3.6.5","OTP-19.3.6.6","OTP-19.3.6.7","OTP-19.3.6.8","OTP-19.3.6.9","OTP_17.0-rc1","OTP_17.0-rc2","OTP_R13B03","OTP_R13B04","OTP_R14A","OTP_R14B","OTP_R14B01","OTP_R14B02","OTP_R14B03","OTP_R15A","OTP_R15B","OTP_R16A_RELEASE_CANDIDATE","OTP_R16B"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10253.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}