Published: 28/03/2016 Updated: 03/12/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote malicious users to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pcre pcre 8.35

PCRE could be made to crash or run programs if it processed a specially-crafted regular expression ...

Debian Bug report logs - #819050 pcre3: CVE-2014-9769: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used Package: libpcre3; Maintainer for libpcre3 is Matthew Vernon <matthew@debianorg>; Source for libpcre3 is src:pcre3 (PTS, buildd, popcon) Affects: suricata Reported by: de ...

pcre_jit_compilec in PCRE 835 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging T ...

CWE-119 https://redmine.openinfosecfoundation.org/issues/1693 https://bugs.debian.org/819050 http://www.openwall.com/lists/oss-security/2016/03/26/1 http://vcs.pcre.org/pcre?view=revision&revision=1475 http://www.securityfocus.com/bid/85570 http://www.securitytracker.com/id/1035424 https://usn.ubuntu.com/2943-1/https://nvd.nist.gov

CVE-2014-9769

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect