CVE-2015-5073

CWE-119Buffer OverflowCWE-200Information ExposureCWE-122Heap-based Buffer Overflow12 documents8 sources
Severity
9.1CRITICAL
EPSS
0.5%
top 32.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pcre PcreIBM Powerkvm
Timeline
PublishedDec 13
Latest updateMay 14

Description

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

Debianpcre3< 2:8.35-7+1
NVDpcre/pcre8.37
NVDibm/powerkvm2.1, 3.1+1

🔴Vulnerability Details

3
GHSA
GHSA-r9r2-m4cw-3hgp: Heap-based buffer overflow in the find_fixedlength function in pcre_compile2022-05-14
OSV
CVE-2015-5073: Heap-based buffer overflow in the find_fixedlength function in pcre_compile2016-12-13
CVEList
CVE-2015-5073: Heap-based buffer overflow in the find_fixedlength function in pcre_compile2016-12-13

📋Vendor Advisories

4
Ubuntu
PCRE vulnerabilities2016-03-29
Ubuntu
PCRE vulnerabilities2015-07-29
Red Hat
pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)2015-06-23
Debian
CVE-2015-5073: pcre3 - Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in...2015

💬Community

4
Bugzilla
pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis (8.38/18)2015-12-02
Bugzilla
CVE-2015-5073 mingw-pcre: pcre: heap buffer overflow in find_fixedlength() [fedora-all]2015-06-30
Bugzilla
CVE-2015-5073 pcre: heap buffer overflow in find_fixedlength() [fedora-all]2015-06-30
Bugzilla
CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)2015-06-30
CVE-2015-5073 (CRITICAL CVSS 9.1) | Heap-based buffer overflow in the f | cvebase.io