Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-8381

Опубликовано: 02 дек. 2015
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 7.5

Описание

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

РелизСтатусПримечание
devel

not-affected

10.20-3
esm-apps/xenial

not-affected

10.20-3
esm-infra-legacy/trusty

DNE

precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

10.20-3
vivid

DNE

vivid/stable-phone-overlay

DNE

Показывать по

РелизСтатусПримечание
devel

not-affected

2:8.38-3
esm-infra-legacy/trusty

not-affected

reproducer doesn't work
esm-infra/xenial

not-affected

2:8.38-3
precise

not-affected

precise/esm

not-affected

trusty

not-affected

reproducer doesn't work
trusty/esm

not-affected

reproducer doesn't work
upstream

released

8.38
vivid

ignored

end of life
vivid/stable-phone-overlay

ignored

end of life, was pending

Показывать по

Ссылки на источники

EPSS

Процентиль: 93%
0.10587
Средний

7.5 High

CVSS2

Связанные уязвимости

redhat логотип

CVE-2015-8381

redhat
около 10 лет назад

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

nvd логотип

CVE-2015-8381

nvd
около 10 лет назад

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

debian логотип

CVE-2015-8381

debian
около 10 лет назад

The compile_regex function in pcre_compile.c in PCRE before 8.38 and p ...

github логотип

GHSA-wvfj-fw7x-gqpr

github
больше 3 лет назад

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

suse-cvrf логотип

openSUSE-SU-2016:3099-1

suse-cvrf
около 9 лет назад

Security update for pcre

EPSS

Процентиль: 93%
0.10587
Средний

7.5 High

CVSS2