CVE-2015-5073
Published: Dec 13, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 75430 | vdb-entry, x_refsource_BID |
| RHSA-2016:1132 | vendor-advisory, x_refsource_REDHAT |
| http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | x_refsource_CONFIRM |
| RHSA-2016:1025 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2016:2750 | vendor-advisory, x_refsource_REDHAT |
| [oss-security] 20150626 CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength() | mailing-list, x_refsource_MLIST |
| [oss-security] 20150626 Re: CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength() | mailing-list, x_refsource_MLIST |
| https://bugs.exim.org/show_bug.cgi?id=1651 | x_refsource_CONFIRM |
| 1033154 | vdb-entry, x_refsource_SECTRACK |
| http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup | x_refsource_CONFIRM |
| http://vcs.pcre.org/pcre?view=revision&revision=1571 | x_refsource_CONFIRM |
| GLSA-201607-02 | vendor-advisory, x_refsource_GENTOO |