Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2015-8391

Published: 02/12/2015 Updated: 16/02/2023
CVSS v2 Base Score: 9 | Impact Score: 8.5 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 802
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Subscribe to Pcre

Vulnerability Summary

The pcre_compile function in pcre_compile.c in PCRE prior to 8.38 mishandles certain [: nesting, which allows remote malicious users to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pcre pcre

oracle linux 7

fedoraproject fedora 22

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux eus 7.6

redhat enterprise linux eus 7.2

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

php php

Vendor Advisories

Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update
Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...
Debian CVElist Bug Report Logs: pcre3: CVE-2015-8380: Heap overflow / invalid write in fuction pcre_exec
Debian Bug report logs - #806467 pcre3: CVE-2015-8380: Heap overflow / invalid write in fuction pcre_exec Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 27 Nov 2015 18:27:06 UTC Severity: normal Tags: fixed-upstream ...
Ubuntu Security Notice: pcre3 vulnerabilities
PCRE could be made to crash or run programs if it processed a specially-crafted regular expression ...
Red Hat: CVE-2015-8391
The pcre_compile function in pcre_compilec in PCRE before 838 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror ...
Tenable Security Advisories: [R5] SecurityCenter 5.2.0 Affected by Third-party Library Vulnerabilities
PHP bundles the Perl-Compatible Regular Expressions (PCRE) library for RegExp parsing, which SecurityCenter implements PHP 5618 was released that fixes a variety of issues in the bundled PCRE library, that includes: CVE-2015-8383 - PCRE RegExp Repeated Conditional Group Handling Buffer Overflow DoS CVE-2015-8386 - PCRE lookbehind Assertion Mutu ...

References

CWE-119http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markuphttp://www.openwall.com/lists/oss-security/2015/11/29/1https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securityfocus.com/bid/82990http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.htmlhttp://www-01.ibm.com/support/docview.wss?uid=isg3T1023886https://bto.bluecoat.com/security-advisory/sa128https://security.gentoo.org/glsa/201607-02https://access.redhat.com/errata/RHSA-2016:1132http://rhn.redhat.com/errata/RHSA-2016-2750.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1025.htmlhttps://security.netapp.com/advisory/ntap-20230216-0002/https://access.redhat.com/errata/RHSA-2016:2750https://usn.ubuntu.com/2943-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook