CVE-2016-1283

Published: 03/01/2016 Updated: 20/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote malicious users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Vulnerable Product

pcre pcre 8.38

php php

fedoraproject fedora 22

fedoraproject fedora 23

oracle solaris 11.3

Vendor Advisories

Debian Bug report logs - #809706 pcre3: CVE-2016-1283 Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 3 Jan 2016 06:37:17 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in version pcr ...
PCRE could be made to crash or run programs if it processed a specially-crafted regular expression ...
pcre: heap buffer overflow in handling of duplicate named groups (8.39/14) The pcre_compile2 function in pcre_compile.c mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attacker ...
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or po ...
SecurityCenter leverages third-party software to help provide underlying functionality. Two of the third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled PHP and OpenSSL to add ...
The Log Correlation Engine (LCE) is potentially impacted by several vulnerabilities in OpenSSL (20160503), libpcre / PCRE, Libxml2, Handlebars, libcurl, and jQuery that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included versions of each library as a ...