QwikSec

Security Database

CVE

CWE

Training

CVE-2015-8389

Published: Dec 2, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20151128 Re: Heap Overflow in PCRE

mailing-list

vdb-entry

FEDORA-2015-eb896290d3

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://bto.bluecoat.com/security-advisory/sa128

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

vendor-advisory

https://security.netapp.com/advisory/ntap-20230216-0002/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.