Published: 28/03/2016 Updated: 03/12/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote malicious users to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pcre pcre 8.35

Debian Bug report logs - #819050 pcre3: CVE-2014-9769: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used Package: libpcre3; Maintainer for libpcre3 is Matthew Vernon <matthew@debianorg>; Source for libpcre3 is src:pcre3 (PTS, buildd, popcon) Affects: suricata Reported by: de ...

PCRE could be made to crash or run programs if it processed a specially-crafted regular expression ...

pcre_jit_compilec in PCRE 835 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging T ...

CWE-119 https://redmine.openinfosecfoundation.org/issues/1693 https://bugs.debian.org/819050 http://www.openwall.com/lists/oss-security/2016/03/26/1 http://vcs.pcre.org/pcre?view=revision&revision=1475 http://www.securityfocus.com/bid/85570 http://www.securitytracker.com/id/1035424 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819050 https://usn.ubuntu.com/2943-1/https://nvd.nist.gov

CVE-2014-9769

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect