The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
History
16 Feb 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 Aug 2022, 14:30
Type | Values Removed | Values Added |
---|---|---|
First Time | Php Php php | |
CPE | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
20 Jul 2022, 17:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* |
First Time | Redhat enterprise Linux Workstation Redhat enterprise Linux Eus Fedoraproject Pcre pcre Fedoraproject fedora Redhat Redhat enterprise Linux Server Oracle linux Redhat enterprise Linux Server Aus Oracle Redhat enterprise Linux Server Tus Redhat enterprise Linux Desktop | |
References | (CONFIRM) http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2016:1132 - Third Party Advisory | |
References | (CONFIRM) https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-1025.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201607-02 - Third Party Advisory | |
References | (CONFIRM) http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup - Broken Link | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2750.html - Third Party Advisory | |
References | (CONFIRM) https://bto.bluecoat.com/security-advisory/sa128 - Permissions Required | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/82990 - Third Party Advisory, VDB Entry | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2015/11/29/1 - Mailing List, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : 9.0 v3 : 9.8 |
Information
Published : 2015-12-02 01:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-8391
Mitre link : CVE-2015-8391
CVE.ORG link : CVE-2015-8391
Products Affected
pcre
- pcre
redhat
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_server_tus
- enterprise_linux_workstation
- enterprise_linux_server_aus
- enterprise_linux_eus
php
- php
oracle
- linux
fedoraproject
- fedora
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer