Описание
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application (for example, Konqueror) linked against PCRE to crash while parsing malicious regular expressions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | pcre | Not affected | ||
| Red Hat Enterprise Linux 6 | pcre | Not affected | ||
| Red Hat Software Collections | php54-php | Will not fix | ||
| Red Hat Software Collections | php55-php | Will not fix | ||
| Red Hat Enterprise Linux 7 | pcre | Fixed | RHSA-2015:0330 | 05.03.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote atta ...
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
ELSA-2015-0330: pcre security and enhancement update (LOW)
EPSS
4.3 Medium
CVSS2