CVE-2015-8380 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl Compatible Regular Expression Library

CWE-119 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 20.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pcre Perl Compatible Regular Expression LibraryFedoraproject Fedora
Timeline
PublishedDec 2
Latest updateMay 17

Description

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Also affects: Fedora 22

πŸ”΄Vulnerability Details

3
GHSA
GHSA-67r8-54m7-f6x4: The pcre_exec function in pcre_exec↗2022-05-17
β–Ά
OSV
CVE-2015-8380: The pcre_exec function in pcre_exec↗2015-12-02
β–Ά
CVEList
CVE-2015-8380: The pcre_exec function in pcre_exec↗2015-12-02
β–Ά

πŸ“‹Vendor Advisories

3
Ubuntu
PCRE vulnerabilities↗2016-03-29
β–Ά
Red Hat
pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)β†—2015-06-01
β–Ά
Debian
CVE-2015-8380: pcre2 - The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // patter...β†—2015
β–Ά

πŸ’¬Community

1
Bugzilla
CVE-2015-8380 pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)β†—2015-11-25
β–Ά
CVE-2015-8380 β€” HIGH severity | cvebase