Описание
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Directory Server 8 | pcre | Not affected | ||
| Red Hat Enterprise Linux 5 | pcre | Not affected | ||
| Red Hat Enterprise Linux 6 | glib2 | Not affected | ||
| Red Hat Enterprise Linux 6 | pcre | Not affected | ||
| Red Hat Enterprise Linux 7 | glib2 | Not affected | ||
| Red Hat Enterprise Linux 7 | virtuoso-opensource | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 3 | pcre | Will not fix | ||
| Red Hat Software Collections | php54-php | Will not fix |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS2
Связанные уязвимости
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 ...
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
6.8 Medium
CVSS2