Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2014-8964

Published: 16/12/2014 Updated: 04/08/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Heap-based buffer overflow in PCRE 8.36 and previous versions allows remote malicious users to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pcre pcre

mariadb mariadb

fedoraproject fedora 20

fedoraproject fedora 21

fedoraproject fedora 19

opensuse opensuse 13.1

opensuse opensuse 13.2

oracle solaris 11.2

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux eus 7.6

redhat enterprise linux eus 7.7

redhat enterprise linux server aus 7.7

redhat enterprise linux server aus 7.6

redhat enterprise linux server tus 7.6

redhat enterprise linux server tus 7.7

Vendor Advisories

Ubuntu Security Notice: pcre3 vulnerabilities
PCRE could be made to crash or run programs if it processed a specially-crafted regular expression ...
Debian CVElist Bug Report Logs: pcre3: CVE-2014-8964: heap buffer overflow
Debian Bug report logs - #770478 pcre3: CVE-2014-8964: heap buffer overflow Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 21 Nov 2014 15:39:07 UTC Severity: important Tags: patch, security, upstream Found in versi ...
Amazon Linux AMI: ALAS-2015-528
A flaw was found in the way PCRE handled certain malformed regular expressions This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions ...
Red Hat: CVE-2014-8964
A flaw was found in the way PCRE handled certain malformed regular expressions This issue could cause an application (for example, Konqueror) linked against PCRE to crash while parsing malicious regular expressions ...

References

CWE-119http://www.openwall.com/lists/oss-security/2014/11/21/6http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1166147http://bugs.exim.org/show_bug.cgi?id=1546http://www.exim.org/viewvc/pcre?view=revision&revision=1513http://rhn.redhat.com/errata/RHSA-2015-0330.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:002http://advisories.mageia.org/MGASA-2014-0534.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:137http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.htmlhttp://lists.opensuse.org/opensuse-updates/2015-05/msg00014.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.securityfocus.com/bid/71206https://security.gentoo.org/glsa/201607-02https://usn.ubuntu.com/2694-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-8964
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmwareCVE-2023-52866CVE-2024-4367CVE-2024-1721CVE-2023-34992XML injectionCVE-2023-52817SQLCVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook