Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8391

Опубликовано: 23 нояб. 2015
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Directory Server 8pcreNot affected
Red Hat Enterprise Linux 5pcreNot affected
Red Hat Enterprise Linux 6glib2Not affected
Red Hat Enterprise Linux 6pcreNot affected
Red Hat Enterprise Linux 7glib2Will not fix
Red Hat Enterprise Linux 7virtuoso-opensourceNot affected
Red Hat JBoss Enterprise Web Server 1httpdNot affected
Red Hat JBoss Enterprise Web Server 2httpdNot affected
Red Hat JBoss Enterprise Web Server 3pcreWill not fix
Red Hat Software Collectionsphp54-phpWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-407
https://bugzilla.redhat.com/show_bug.cgi?id=1287671pcre: inefficient posix character class syntax check (8.38/16)

EPSS

Процентиль: 92%
0.0768
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8391

CVSS3: 9.8
ubuntu
почти 10 лет назад

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

nvd логотип

CVE-2015-8391

CVSS3: 9.8
nvd
почти 10 лет назад

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

debian логотип

CVE-2015-8391

CVSS3: 9.8
debian
почти 10 лет назад

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishan ...

github логотип

GHSA-86ch-fq45-3c2j

CVSS3: 9.8
github
больше 3 лет назад

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

fstec логотип

BDU:2022-04560

CVSS3: 8.8
fstec
почти 10 лет назад

Уязвимость функции pcre_compile() библиотеки регулярных выражений на языке Perl PCRE, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 92%
0.0768
Низкий

4.3 Medium

CVSS2