PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
16 Feb 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Aug 2022, 13:31
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2016:1132 - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201607-02 - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-1025.html - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2750.html - Third Party Advisory | |
References | (CONFIRM) http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup - Broken Link, Release Notes | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
First Time |
Php
Php php |
|
CPE | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
Information
Published : 2015-12-02 01:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-8386
Mitre link : CVE-2015-8386
CVE.ORG link : CVE-2015-8386
JSON object : View
Products Affected
pcre
- perl_compatible_regular_expression_library
php
- php
oracle
- linux
fedoraproject
- fedora
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer