Описание
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\.|([^\\W_])?)+)+$/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Directory Server 8 | pcre | Not affected | ||
| Red Hat Enterprise Linux 5 | pcre | Not affected | ||
| Red Hat Enterprise Linux 6 | glib2 | Will not fix | ||
| Red Hat Enterprise Linux 6 | pcre | Will not fix | ||
| Red Hat Enterprise Linux 7 | glib2 | Will not fix | ||
| Red Hat Enterprise Linux 7 | virtuoso-opensource | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 3 | pcre | Will not fix | ||
| Red Hat Software Collections | php54-php | Will not fix |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty ...
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
4.3 Medium
CVSS2