CVE-2016-3191

Published: 17/03/2016 | Updated: 05/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The compile_branch function in pcre_compile.c in PCRE 8.x prior to 8.39 and pcre2_compile.c in PCRE2 prior to 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote malicious users to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

Vulnerable Product

pcre pcre 8.38

pcre pcre 8.31

pcre pcre 8.30

pcre pcre 8.01

pcre pcre 8.00

pcre pcre 8.35

pcre pcre 8.34

pcre pcre 8.13

pcre pcre 8.12

pcre pcre 8.33

pcre pcre 8.32

pcre pcre 8.11

pcre pcre 8.10

pcre pcre 8.02

pcre pcre 8.37

pcre pcre 8.36

pcre pcre 8.21

pcre pcre 8.20

pcre pcre2

Vendor Advisories

PCRE could be made to crash or run programs if it processed a specially-crafted regular expression ...
Debian Bug report logs - #809706 pcre3: CVE-2016-1283 Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 3 Jan 2016 06:37:17 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in version pcr ...
Debian Bug report logs - #815920 pcre2: CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply nested parentheses Package: src:pcre2; Maintainer for src:pcre2 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 25 Feb 2016 18:36:01 UTC Severity: important Tags ...
The compile_branch function in pcre_compile.c in PCRE 8.x and pcre2_compile.c in PCRE2 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a ...
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular express ...
The Log Correlation Engine (LCE) is potentially impacted by several vulnerabilities in OpenSSL (20160503), libpcre / PCRE, Libxml2, Handlebars, libcurl, and jQuery that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included versions of each library as a ...