CVE-2015-5073

Published: 13/12/2016 Updated: 18/05/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE prior to 8.38 allows remote malicious users to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

Vulnerable Product

ibm powerkvm 2.1

ibm powerkvm 3.1

pcre pcre

Vendor Advisories

Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Mo ...
PCRE could be made to crash or run programs if it processed a specially-crafted regular expression ...
Debian Bug report logs - #809706 pcre3: CVE-2016-1283 Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 3 Jan 2016 06:37:17 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in version pcr ...
Debian Bug report logs - #806467 pcre3: CVE-2015-8380: Heap overflow / invalid write in function pcre_exec Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 27 Nov 2015 18:27:06 UTC Severity: normal Tags: fixed-upstream ...
Debian Bug report logs - #790000 pcre3: CVE-2015-5073: heap overflow vulnerability in find_fixedlength() Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 26 Jun 2015 05:30:01 UTC Severity: important Tags: fixed-upstre ...
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis (CVE-2015-5073) PCRE be ...
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis ...