CVE-2015-8382

Published: 03 Feb 2015
Source: redhat
CVSS2: 1.9

Description

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | pcre | Will not fix | | |
| Red Hat Enterprise Linux 6 | pcre | Will not fix | | |
| Red Hat Enterprise Linux 7 | pcre | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | php | Not affected | | |
| Red Hat Software Collections | php54-php | Will not fix | | |
| Red Hat Software Collections | php55-php | Will not fix | | |
| Red Hat Software Collections | rh-php56-php | Will not fix | | |


Additional information

Status: Low
Defect: CWE-665
https://bugzilla.redhat.com/show_bug.cgi?id=1187225 (php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547))

CVSS2: 1.9 Low

Related vulnerabilities

ubuntu
about 10 years ago

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.

nvd
about 10 years ago

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.

debian
about 10 years ago

The match function in pcre_exec.c in PCRE before 8.37 mishandles the / ...

github
more than 3 years ago

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.

suse-cvrf
about 9 years ago

Security update for pcre
