CVE-2015-2326

Опубликовано: 23 мар. 2015

Источник: redhat

CVSS2: 4.3

Описание

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

Отчет

This issue did not affect the versions of pcre as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	pcre	Not affected
Red Hat Enterprise Linux 6	glib2	Not affected
Red Hat Enterprise Linux 6	pcre	Not affected
Red Hat Enterprise Linux 7	glib2	Not affected
Red Hat Enterprise Linux 7	pcre	Not affected
Red Hat Software Collections	php54-php	Not affected
Red Hat Software Collections	php55-php	Not affected
Red Hat Software Collections for Red Hat Enterprise Linux 6	rh-php56	Fixed	RHSA-2016:2750	15.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6	rh-php56-php	Fixed	RHSA-2016:2750	15.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6	rh-php56-php-pear	Fixed	RHSA-2016:2750	15.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1207202pcre: heap buffer over-read in pcre_compile2() (8.37/23)

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-2326

CVSS3: 5.5

ubuntu

больше 5 лет назад

CVE-2015-2326

CVSS3: 5.5

nvd

больше 5 лет назад

CVE-2015-2326

CVSS3: 5.5

debian

больше 5 лет назад

The pcre_compile2 function in PCRE before 8.37 allows context-dependen ...

GHSA-m793-2mj8-wj8q

CVSS3: 5.5

github

около 3 лет назад

SUSE-SU-2015:1273-1

suse-cvrf

почти 10 лет назад

Security update for mariadb

4.3 Medium

CVSS2