CVE-2015-8384Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl Compatible Regular Expression Library

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer OverflowCWE-120Classic Buffer Overflow16 documents8 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 21.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pcre Perl Compatible Regular Expression Library
Timeline
PublishedDec 2
Latest updateMay 14

Description

PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-52qf-gwh3-p975: PCRE before 82022-05-14
CVEList
CVE-2015-8384: PCRE before 82015-12-02
OSV
CVE-2015-8384: PCRE before 82015-12-02

📋Vendor Advisories

6
Ubuntu
PCRE vulnerabilities2016-03-29
Red Hat
pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)2015-11-23
Red Hat
pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)2015-11-23
Red Hat
pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)2015-11-23
Red Hat
pcre: Buffer overflow caused by duplicate named references (8.38/36)2015-11-23

💬Community

6
Bugzilla
CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)2015-12-02
Bugzilla
CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by name within certain group [fedora-all]2015-12-02
Bugzilla
CVE-2015-8384 mingw-pcre: pcre: Buffer overflow caused by recursive back reference by name within certain group [fedora-all]2015-12-02
Bugzilla
CVE-2015-8384 mingw-pcre: pcre: Buffer overflow caused by recursive back reference by name within certain group [epel-7]2015-12-02
Bugzilla
CVE-2015-8384 glib2: pcre: Buffer overflow caused by recursive back reference by name within certain group [fedora-all]2015-12-02
CVE-2015-8384 — HIGH severity | cvebase