CVE-2015-8386
Published 2015-12-02
Critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pcre3 | < pcre3 2:8.38-1 (bookworm) | pcre3 2:8.38-1 (bookworm) |
| fedoraproject | fedora | — | — |
| oracle | linux | — | — |
| pcre | perl_compatible_regular_expression_library | <= 8.37 | — |
| php | php | >= 5.5.0 < 5.5.32 | 5.5.32 |
| php | php | >= 5.6.0 < 5.6.18 | 5.6.18 |
| php | php | >= 7.0.0 < 7.0.3 | 7.0.3 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL