QwikSec

Security Database

CVE

CWE

Training

CVE-2015-8391

Published: Dec 2, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20151128 Re: Heap Overflow in PCRE

mailing-list

vendor-advisory

vdb-entry

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886

vendor-advisory

vendor-advisory

FEDORA-2015-eb896290d3

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://bto.bluecoat.com/security-advisory/sa128

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

vendor-advisory

https://security.netapp.com/advisory/ntap-20230216-0002/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.