CVE-2016-3191

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
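
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| debian | CNA | --- | --- | | | |
| CVE | ADP | --- | --- | | | |
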
EPSS Score Percentile: 87%
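
| Vendor | Product | Version |
|---|---|---|
| pcre | pcre | 8.00 |
| pcre | pcre | 8.01 |
| pcre | pcre | 8.02 |
| pcre | pcre | 8.10 |
| pcre | pcre | 8.11 |
| pcre | pcre | 8.12 |
| pcre | pcre | 8.13 |
| pcre | pcre | 8.20 |
| pcre | pcre | 8.21 |
| pcre | pcre | 8.30 |
| pcre | pcre | 8.31 |
| pcre | pcre | 8.32 |
| pcre | pcre | 8.33 |
| pcre | pcre | 8.34 |
| pcre | pcre | 8.35 |
| pcre | pcre | 8.36 |
| pcre | pcre | 8.37 |
| pcre | pcre | 8.38 |
| pcre | pcre2 | 𝑥 ≤ 10.21 |

𝑥 = Vulnerable software versions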
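
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| pcre2 | bullseye | 10.36-2+deb11u1 | fixed |
| pcre2 | wheezy | | no-dsa |
| pcre2 | bookworm | 10.42-1 | fixed |
| pcre2 | sid | 10.42-4 | fixed |
| pcre2 | trixie | 10.42-4 | fixed |
| pcre3 | bullseye | 2:8.39-13 | fixed |
| pcre3 | wheezy | | no-dsa |
| pcre3 | bookworm | 2:8.39-15 | fixed |
| pcre3 | sid | 2:8.39-15.1 | fixed |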
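
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| pcre2 | cosmic | | not-affected |
| pcre2 | bionic | | not-affected |
| pcre2 | artful | | ignored |
| pcre2 | zesty | | ignored |
| pcre2 | yakkety | | ignored |
| pcre2 | xenial | | not-affected |
| pcre2 | wily | | dne |
| pcre2 | trusty | | dne |
| pcre2 | precise | | dne |
| pcre3 | cosmic | | not-affected |
| pcre3 | bionic | | not-affected |
| pcre3 | artful | | not-affected |
| pcre3 | zesty | | not-affected |
| pcre3 | yakkety | | not-affected |
| pcre3 | xenial | | not-affected |
| pcre3 | wily | Fixed 2:8.35-7.1ubuntu1.3 | released |
| pcre3 | trusty | Fixed 1:8.31-2ubuntu2.2 | released |
| pcre3 | precise | | not-affected |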