CVE-2015-8383Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl Compatible Regular Expression Library

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow12 documents8 sources
Severity
9.8CRITICALNVD
EPSS
2.3%
top 15.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
PHPPcre Perl Compatible Regular Expression LibraryFedoraproject Fedora
Timeline
PublishedDec 2
Latest updateMay 14

Description

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDphp/php5.5.05.5.32+2

Also affects: Fedora 22

🔴Vulnerability Details

3
GHSA
GHSA-jc3f-3h6r-67mm: PCRE before 82022-05-14
CVEList
CVE-2015-8383: PCRE before 82015-12-02
OSV
CVE-2015-8383: PCRE before 82015-12-02

📋Vendor Advisories

3
Ubuntu
PCRE vulnerabilities2016-03-29
Red Hat
pcre: Buffer overflow caused by repeated conditional group (8.38/3)2015-11-23
Debian
CVE-2015-8383: pcre3 - PCRE before 8.38 mishandles certain repeated conditional groups, which allows re...2015

💬Community

5
Bugzilla
CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)2015-12-02
Bugzilla
CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused by repeated conditional group [epel-7]2015-12-02
Bugzilla
CVE-2015-8383 glib2: pcre: Buffer overflow caused by repeated conditional group [fedora-all]2015-12-02
Bugzilla
CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused by repeated conditional group [fedora-all]2015-12-02
Bugzilla
CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group [fedora-all]2015-12-02
CVE-2015-8383 — CRITICAL severity | cvebase