Описание
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2:8.38-3 |
| esm-infra-legacy/trusty | not-affected | 1:8.31-2ubuntu2.1 |
| lucid | ignored | end of life |
| precise | not-affected | 8.12-4 |
| trusty | released | 1:8.31-2ubuntu2.1 |
| trusty/esm | not-affected | 1:8.31-2ubuntu2.1 |
| upstream | needed | |
| utopic | ignored | end of life |
| vivid | released | 2:8.35-3.3ubuntu1.1 |
| vivid/stable-phone-overlay | released | 2:8.35-3.3ubuntu1.1 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
The pcre_compile2 function in PCRE before 8.37 allows context-dependen ...
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3