CVE-2015-8391: Buffer Overflow

First published: Wed Dec 02 2015(Updated: )

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Pcre Pcre	<8.38
Oracle Linux	=7
Fedoraproject Fedora	=22
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=7.2
Redhat Enterprise Linux Eus	=7.3
Redhat Enterprise Linux Eus	=7.4
Redhat Enterprise Linux Eus	=7.5
Redhat Enterprise Linux Eus	=7.6
Redhat Enterprise Linux Eus	=7.7
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.2
Redhat Enterprise Linux Server Aus	=7.3
Redhat Enterprise Linux Server Aus	=7.4
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Aus	=7.7
Redhat Enterprise Linux Server Tus	=7.2
Redhat Enterprise Linux Server Tus	=7.3
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Server Tus	=7.7
Redhat Enterprise Linux Workstation	=7.0
PHP PHP	>=5.5.0<5.5.32
PHP PHP	>=5.6.0<5.6.18
PHP PHP	>=7.0.0<7.0.3
redhat/pcre	<8.38	8.38
	<7.0.3	7.0.3

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
collector/php-changelog
source/PHP
alias/CVE-2015-8386
alias/CVE-2015-8387
alias/CVE-2015-8389
alias/CVE-2015-8390
alias/CVE-2015-8391
alias/CVE-2015-8393
alias/CVE-2015-8394
agent/software-canonical-lookup
agent/severity
agent/references
agent/author
agent/weakness
agent/description
collector/redhat-bugzilla
source/Red Hat
agent/event
alias/CVE-2015-8383
agent/tags
collector/mitre-cve
source/MITRE
vendor/pcre
canonical/pcre pcre
vendor/oracle
canonical/oracle linux
version/oracle linux/7
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/22
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.2
version/redhat enterprise linux eus/7.3
version/redhat enterprise linux eus/7.4
version/redhat enterprise linux eus/7.5
version/redhat enterprise linux eus/7.6
version/redhat enterprise linux eus/7.7
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.2
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.2
version/redhat enterprise linux server tus/7.3
version/redhat enterprise linux server tus/7.6
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
vendor/php
canonical/php php
version/php php/5.5.0
version/php php/5.6.0
version/php php/7.0.0
package-manager/redhat

CVE-2015-8391: Buffer Overflow

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact