HIGH✓ PATCH🇬🇧 English

CVE-2015-8388

CVSS 7.5v2.0pub. 2015-12-02upd. 2026-05-06

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Oracle Linux

    OS
    Oracle
    7
  • Pcre Perl Compatible Regular Expression Library

    APP
    Pcre
    ≤ 8.37
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoSMemory
CWE
Referencje

Powiązane podatności

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...

CVE-2014-7169CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...

CVE-2014-6271CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...

CVE-2016-1908CRITICAL9.8ten sam produkt

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies o...

CVE-2016-2182CRITICAL9.8ten sam produkt

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division res...