CVE-2015-3210

Published: 13/12/2016 Updated: 20/12/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in PCRE 8.34 up to and including 8.37 and PCRE2 10.10 allows remote malicious users to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.

Vulnerable Product

pcre pcre2 10.10

pcre pcre 8.34

pcre pcre 8.36

pcre pcre 8.37

pcre pcre 8.35

Vendor Advisories

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Mo ...
PCRE could be made to crash or run programs if it processed a specially-crafted regular expression ...
Debian Bug report logs - #794589 pcre3: CVE-2015-8382: pcre_exec does not fill offsets for certain regexps Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 4 Aug 2015 17:57:02 UTC Severity: important Tags: patch, sec ...
Debian Bug report logs - #809706 pcre3: CVE-2016-1283 Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 3 Jan 2016 06:37:17 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in version pcr ...
Debian Bug report logs - #806467 pcre3: CVE-2015-8380: Heap overflow / invalid write in function pcre_exec Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 27 Nov 2015 18:27:06 UTC Severity: normal Tags: fixed-upstream ...
Debian Bug report logs - #781795 pcre3: CVE-2015-2325: heap buffer overflow in compile_branch() Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 3 Apr 2015 09:33:02 UTC Severity: important Tags: fixed-upstream, patch ...
Debian Bug report logs - #787433 pcre3: CVE-2015-3210: heap buffer overflow in pcre_compile2() / compile_regex() Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 1 Jun 2015 17:27:01 UTC Severity: important Tags: fixe ...
Debian Bug report logs - #783285 pcre3: CVE-2015-2326: heap buffer overflow in pcre_compile2() Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 25 Apr 2015 08:39:02 UTC Severity: important Tags: patch, security, upstr ...
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384 ...