What is the severity of CVE-2015-8391?

CVE-2015-8391 has a severity level classified as a denial of service vulnerability that can lead to high CPU consumption.

How do I fix CVE-2015-8391?

To fix CVE-2015-8391, upgrade to PCRE version 8.38 or later.

What software is affected by CVE-2015-8391?

CVE-2015-8391 affects PCRE versions prior to 8.38 and certain versions of PHP up to 7.0.3.

Can CVE-2015-8391 be exploited remotely?

Yes, CVE-2015-8391 can be exploited remotely by sending crafted regular expressions.

What impact can CVE-2015-8391 have on systems?

CVE-2015-8391 can lead to denial of service due to high CPU consumption, potentially affecting system availability.

Vulnerability/
CVE-2015-8391

critical

9.8

CWE

119

2/12/2015

6/8/2024

CVE-2015-8391: Buffer Overflow

First published: Wed Dec 02 2015(Updated: )

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/pcre	<8.38	8.38
PHP	<7.0.3	7.0.3
pcre pcre	<8.38
Oracle Linux	=7
Fedora	=22
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux eus	=7.2
redhat enterprise Linux eus	=7.3
redhat enterprise Linux eus	=7.4
redhat enterprise Linux eus	=7.5
redhat enterprise Linux eus	=7.6
redhat enterprise Linux eus	=7.7
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=7.2
redhat enterprise Linux server aus	=7.3
redhat enterprise Linux server aus	=7.4
redhat enterprise Linux server aus	=7.6
redhat enterprise Linux server aus	=7.7
redhat enterprise Linux server tus	=7.2
redhat enterprise Linux server tus	=7.3
redhat enterprise Linux server tus	=7.6
redhat enterprise Linux server tus	=7.7
redhat enterprise Linux workstation	=7.0
PHP	>=5.5.0<5.5.32
PHP	>=5.6.0<5.6.18
PHP	>=7.0.0<7.0.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8391?
CVE-2015-8391 has a severity level classified as a denial of service vulnerability that can lead to high CPU consumption.
How do I fix CVE-2015-8391?
To fix CVE-2015-8391, upgrade to PCRE version 8.38 or later.
What software is affected by CVE-2015-8391?
CVE-2015-8391 affects PCRE versions prior to 8.38 and certain versions of PHP up to 7.0.3.
Can CVE-2015-8391 be exploited remotely?
Yes, CVE-2015-8391 can be exploited remotely by sending crafted regular expressions.
What impact can CVE-2015-8391 have on systems?
CVE-2015-8391 can lead to denial of service due to high CPU consumption, potentially affecting system availability.

agent/type
agent/severity
agent/references
agent/author
agent/weakness
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2015-8391
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
collector/php-changelog
source/PHP
alias/CVE-2015-8386
alias/CVE-2015-8387
alias/CVE-2015-8389
alias/CVE-2015-8390
alias/CVE-2015-8393
alias/CVE-2015-8394
agent/software-canonical-lookup-request
alias/CVE-2015-8383
agent/tags
agent/softwarecombine
collector/nvd-index
package-manager/redhat
vendor/php
canonical/php
vendor/pcre
canonical/pcre pcre
vendor/oracle
canonical/oracle linux
version/oracle linux/7
vendor/fedoraproject
canonical/fedora
version/fedora/22
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.2
version/redhat enterprise linux eus/7.3
version/redhat enterprise linux eus/7.4
version/redhat enterprise linux eus/7.5
version/redhat enterprise linux eus/7.6
version/redhat enterprise linux eus/7.7
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.2
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.2
version/redhat enterprise linux server tus/7.3
version/redhat enterprise linux server tus/7.6
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
version/php/5.5.0
version/php/5.6.0
version/php/7.0.0