Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1283

Опубликовано: 04 янв. 2016
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'){97)?J)?J)(?'R'(?'R'){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Directory Server 8pcreNot affected
Red Hat Enterprise Linux 5pcreNot affected
Red Hat Enterprise Linux 6glib2Not affected
Red Hat Enterprise Linux 6pcreNot affected
Red Hat Enterprise Linux 7glib2Not affected
Red Hat Enterprise Linux 7pcreNot affected
Red Hat Enterprise Linux 7virtuoso-opensourceNot affected
Red Hat JBoss Enterprise Web Server 1httpdNot affected
Red Hat JBoss Enterprise Web Server 2httpdNot affected
Red Hat JBoss Enterprise Web Server 3pcreNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1295385pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)

EPSS

Процентиль: 88%
0.03747
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-1283

CVSS3: 9.8
ubuntu
больше 9 лет назад

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

nvd логотип

CVE-2016-1283

CVSS3: 9.8
nvd
больше 9 лет назад

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

debian логотип

CVE-2016-1283

CVSS3: 9.8
debian
больше 9 лет назад

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles t ...

github логотип

GHSA-3v53-2g4c-6vpg

CVSS3: 9.8
github
около 3 лет назад

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

suse-cvrf логотип

openSUSE-SU-2016:3099-1

suse-cvrf
больше 8 лет назад

Security update for pcre

EPSS

Процентиль: 88%
0.03747
Низкий

6.8 Medium

CVSS2