CVE-2015-8380
02.12.2015, 01:59
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| pcre | perl_compatible_regular_expression_library | 𝑥 ≤ 8.37 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libpcre1 |
| ||||||||||||||||||||||||||||||||||||||
| libpcre1-32bit |
| ||||||||||||||||||||||||||||||||||||||
| libpcre16-0 |
| ||||||||||||||||||||||||||||||||||||||
| libpcrecpp0 |
| ||||||||||||||||||||||||||||||||||||||
| libpcrecpp0-32bit |
|
Common Weakness Enumeration
References