CVE-2015-2328
published 2015-12-02CVE-2015-2328: PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pcre3 | < pcre3 2:8.35-7.2 (bookworm) | pcre3 2:8.35-7.2 (bookworm) |
| oracle | linux | — | — |
| pcre | pcre | <= 8.35 | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH