CVE-2015-8390
02.12.2015, 01:59
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| pcre | perl_compatible_regular_expression_library | 𝑥 ≤ 8.37 |
| php | php | 5.5.0 ≤ 𝑥 < 5.5.32 |
| php | php | 5.6.0 ≤ 𝑥 < 5.6.18 |
| php | php | 7.0.0 ≤ 𝑥 < 7.0.3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libpcre1 |
| ||||||||||||||||||||||
| libpcre1-32bit |
| ||||||||||||||||||||||
| libpcre16-0 |
| ||||||||||||||||||||||
| libpcrecpp0 |
| ||||||||||||||||||||||
| libpcrecpp0-32bit |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| glib2 |
| ||||
| glib2-debuginfo |
| ||||
| glib2-devel |
| ||||
| glib2-doc |
| ||||
| glib2-fam |
| ||||
| glib2-static |
| ||||
| glib2-tests |
| ||||
| pcre |
| ||||
| pcre-debuginfo |
| ||||
| pcre-devel |
| ||||
| pcre-static |
| ||||
| pcre-tools |
|
Common Weakness Enumeration
References