Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-8380

Опубликовано: 02 дек. 2015
Источник: debian

Описание

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
pcre3fixed2:8.38-1package
pcre3fixed2:8.35-3.3+deb8u2jessiepackage
pcre3not-affectedwheezypackage
pcre3not-affectedsqueezepackage
pcre2not-affectedpackage

Примечания

  • For wheezy: same code looks present around patched lines, though the

  • reproducer does not lead to a crash, and just gives

  • "Matched, but too many substrings"

  • Fixed in 8.38 upstream

  • Commit: http://vcs.pcre.org/pcre?view=revision&revision=1565

  • https://bugs.exim.org/show_bug.cgi?id=1637

  • https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html

Связанные уязвимости

ubuntu логотип

CVE-2015-8380

ubuntu
около 10 лет назад

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

redhat логотип

CVE-2015-8380

redhat
больше 10 лет назад

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

nvd логотип

CVE-2015-8380

nvd
около 10 лет назад

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

github логотип

GHSA-67r8-54m7-f6x4

github
больше 3 лет назад

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

suse-cvrf логотип

openSUSE-SU-2016:3099-1

suse-cvrf
около 9 лет назад

Security update for pcre