Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-2328

Опубликовано: 02 дек. 2015
Источник: debian
EPSS Низкий

Описание

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mongodbremovedpackage
pcre3fixed2:8.35-7.2package
pcre3fixed2:8.35-3.3+deb8u2jessiepackage
pcre3no-dsawheezypackage
pcre3no-dsasqueezepackage

Примечания

  • CVE for bundled version of pcre3 in mongodb

  • https://jira.mongodb.org/browse/SERVER-17252

  • Since 1:2.0.0-1 mongodb uses the system pcre3

  • https://bugs.exim.org/show_bug.cgi?id=1515

  • Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498

  • https://www.openwall.com/lists/oss-security/2015/05/31/4

EPSS

Процентиль: 90%
0.05775
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-2328

ubuntu
больше 9 лет назад

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

redhat логотип

CVE-2015-2328

redhat
почти 11 лет назад

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

nvd логотип

CVE-2015-2328

nvd
больше 9 лет назад

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

github логотип

GHSA-4h7h-5fv8-m6hg

github
около 3 лет назад

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

oracle-oval логотип

ELSA-2016-1025

oracle-oval
около 9 лет назад

ELSA-2016-1025: pcre security update (IMPORTANT)

EPSS

Процентиль: 90%
0.05775
Низкий