CVE-2015-5073
published 2016-12-13
critical 9.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:H
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pcre3 | < pcre3 2:8.35-7 (bookworm) | pcre3 2:8.35-7 (bookworm) |
| ibm | powerkvm | — | — |
| ibm | powerkvm | — | — |
| pcre | pcre | <= 8.37 | — |
CVSS provenance
nvd v3.0 9.1 CRITICAL CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv 9.1 CRITICAL