CVE-2015-8385 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl Compatible Regular Expression Library
Severity
7.5HIGHNVD
EPSS
5.1%
top 10.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 2
Latest updateMay 13
Description
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages2 packages
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2015-8385 mingw-pcre: pcre: Buffer overflow caused by forward reference by name to certain group [epel-7]↗2015-12-02
Bugzilla▶
CVE-2015-8385 glib2: pcre: Buffer overflow caused by forward reference by name to certain group [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8385 mingw-pcre: pcre: Buffer overflow caused by forward reference by name to certain group [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)↗2015-12-02
Bugzilla▶
CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to certain group [fedora-all]↗2015-12-02