What is the severity of CVE-2015-8386?

CVE-2015-8386 has a severity rating that can lead to denial of service due to a buffer overflow caused by crafted regular expressions.

How do I fix CVE-2015-8386?

To fix CVE-2015-8386, ensure that your PCRE library is updated to version 8.38 or later.

Which versions of software are affected by CVE-2015-8386?

CVE-2015-8386 affects PCRE versions prior to 8.38, as well as certain versions of PHP and specific Linux distributions like Fedora 22 and Oracle Linux 7.

Can CVE-2015-8386 be exploited through web applications?

Yes, CVE-2015-8386 can be exploited by remote attackers using crafted regular expressions through web applications, resulting in denial of service.

What are the potential impacts of CVE-2015-8386?

The potential impacts of CVE-2015-8386 include denial of service through buffer overflow and possibly other unspecified consequences.

Vulnerability/
CVE-2015-8386

critical

9.8

CWE

119

2/12/2015

6/8/2024

CVE-2015-8386: Buffer Overflow

First published: Wed Dec 02 2015(Updated: )

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/pcre	<8.38	8.38
PHP	<7.0.3	7.0.3
PCRE (Perl Compatible Regular Expressions)	<=8.37
Fedora	=22
Oracle Linux	=7
PHP	>=5.5.0<5.5.32
PHP	>=5.6.0<5.6.18
PHP	>=7.0.0<7.0.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8386?
CVE-2015-8386 has a severity rating that can lead to denial of service due to a buffer overflow caused by crafted regular expressions.
How do I fix CVE-2015-8386?
To fix CVE-2015-8386, ensure that your PCRE library is updated to version 8.38 or later.
Which versions of software are affected by CVE-2015-8386?
CVE-2015-8386 affects PCRE versions prior to 8.38, as well as certain versions of PHP and specific Linux distributions like Fedora 22 and Oracle Linux 7.
Can CVE-2015-8386 be exploited through web applications?
Yes, CVE-2015-8386 can be exploited by remote attackers using crafted regular expressions through web applications, resulting in denial of service.
What are the potential impacts of CVE-2015-8386?
The potential impacts of CVE-2015-8386 include denial of service through buffer overflow and possibly other unspecified consequences.

agent/type
agent/references
agent/author
agent/severity
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2015-8386
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
collector/php-changelog
source/PHP
alias/CVE-2015-8387
alias/CVE-2015-8389
alias/CVE-2015-8390
alias/CVE-2015-8391
alias/CVE-2015-8393
alias/CVE-2015-8394
agent/software-canonical-lookup-request
alias/CVE-2015-8383
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
package-manager/redhat
vendor/php
canonical/php
vendor/pcre
canonical/pcre (perl compatible regular expressions)
version/pcre (perl compatible regular expressions)/8.37
vendor/fedoraproject
canonical/fedora
version/fedora/22
vendor/oracle
canonical/oracle linux
version/oracle linux/7
version/php/5.5.0
version/php/5.6.0
version/php/7.0.0