CVE-2015-5073

Published: 13 Dec 2016
Source: debian
EPSS: Low

Description

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

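Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| pcre3 | fixed | 2:8.35-7 | | package |
| pcre3 | fixed | 2:8.35-3.3+deb8u1 | jessie | package |
| pcre3 | no-dsa | | wheezy | package |
| pcre3 | no-dsa | | squeeze | package |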

Notes

  • https://bugs.exim.org/show_bug.cgi?id=1651

  • Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1571 (8.38)

  • Introduced in http://vcs.pcre.org/pcre?view=revision&revision=454 (8.00)

  • https://www.openwall.com/lists/oss-security/2015/06/26/1

EPSS

Percentile: 71%
0.00714
Low

Related vulnerabilities

CVSS3: 9.1
ubuntu
more than 8 years ago

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

redhat
about 10 years ago

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

CVSS3: 9.1
nvd
more than 8 years ago

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

CVSS3: 9.1
github
about 3 years ago

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

oracle-oval
about 9 years ago

ELSA-2016-1025: pcre security update (IMPORTANT)
