PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
16 Aug 2022, 13:31
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | |
References | (CONFIRM) http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup - Broken Link, Release Notes | |
References | (GENTOO) https://security.gentoo.org/glsa/201607-02 - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2750.html - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-1025.html - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2016:1132 - Third Party Advisory |
Information
Published : 2015-12-02 01:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-8386
Mitre link : CVE-2015-8386
CVE.ORG link : CVE-2015-8386
JSON object : View
Products Affected
php
- php
oracle
- linux
fedoraproject
- fedora
pcre
- perl_compatible_regular_expression_library
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer