Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8386

Опубликовано: 23 нояб. 2015
Источник: redhat
CVSS2: 2.6
EPSS Низкий

Описание

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Directory Server 8pcreWill not fix
Red Hat Enterprise Linux 5pcreWill not fix
Red Hat Enterprise Linux 6glib2Will not fix
Red Hat Enterprise Linux 6pcreWill not fix
Red Hat Enterprise Linux 7glib2Will not fix
Red Hat Enterprise Linux 7virtuoso-opensourceWill not fix
Red Hat JBoss Enterprise Web Server 1httpdWill not fix
Red Hat JBoss Enterprise Web Server 2httpdWill not fix
Red Hat JBoss Enterprise Web Server 3pcreWill not fix
Red Hat Software Collectionsphp54-phpWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1287636pcre: Buffer overflow caused by lookbehind assertion (8.38/6)

EPSS

Процентиль: 91%
0.07134
Низкий

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8386

CVSS3: 9.8
ubuntu
больше 9 лет назад

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

nvd логотип

CVE-2015-8386

CVSS3: 9.8
nvd
больше 9 лет назад

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

debian логотип

CVE-2015-8386

CVSS3: 9.8
debian
больше 9 лет назад

PCRE before 8.38 mishandles the interaction of lookbehind assertions a ...

github логотип

GHSA-x66w-7mq7-3gxp

CVSS3: 9.8
github
около 3 лет назад

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

oracle-oval логотип

ELSA-2016-1025

oracle-oval
около 9 лет назад

ELSA-2016-1025: pcre security update (IMPORTANT)

EPSS

Процентиль: 91%
0.07134
Низкий

2.6 Low

CVSS2