CVE-2016-3191

EUVD-2016-4232
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
pcrepcre
8.00
pcrepcre
8.01
pcrepcre
8.02
pcrepcre
8.10
pcrepcre
8.11
pcrepcre
8.12
pcrepcre
8.13
pcrepcre
8.20
pcrepcre
8.21
pcrepcre
8.30
pcrepcre
8.31
pcrepcre
8.32
pcrepcre
8.33
pcrepcre
8.34
pcrepcre
8.35
pcrepcre
8.36
pcrepcre
8.37
pcrepcre
8.38
pcrepcre2
𝑥
≤ 10.21
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pcre2
bookworm
10.42-1
fixed
bullseye
10.36-2+deb11u1
fixed
sid
10.42-4
fixed
trixie
10.42-4
fixed
wheezy
no-dsa
pcre3
bookworm
2:8.39-15
fixed
bullseye
2:8.39-13
fixed
sid
2:8.39-15.1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pcre2
artful
ignored
bionic
not-affected
cosmic
not-affected
precise
dne
trusty
dne
wily
dne
xenial
not-affected
yakkety
ignored
zesty
ignored
pcre3
artful
not-affected
bionic
not-affected
cosmic
not-affected
precise
not-affected
trusty
Fixed 1:8.31-2ubuntu2.2
released
wily
Fixed 2:8.35-7.1ubuntu1.3
released
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-1025.html
http://vcs.pcre.org/pcre2?view=revision&revision=489
http://vcs.pcre.org/pcre?view=revision&revision=1631
http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/84810
https://access.redhat.com/errata/RHSA-2016:1132
https://bto.bluecoat.com/security-advisory/sa128
https://bugs.debian.org/815920
https://bugs.debian.org/815921
https://bugs.exim.org/show_bug.cgi?id=1791
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
https://www.tenable.com/security/tns-2016-18
http://rhn.redhat.com/errata/RHSA-2016-1025.html
http://vcs.pcre.org/pcre2?view=revision&revision=489
http://vcs.pcre.org/pcre?view=revision&revision=1631
http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/84810
https://access.redhat.com/errata/RHSA-2016:1132
https://bto.bluecoat.com/security-advisory/sa128
https://bugs.debian.org/815920
https://bugs.debian.org/815921
https://bugs.exim.org/show_bug.cgi?id=1791
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
https://www.tenable.com/security/tns-2016-18