CVE-2015-8386Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl Compatible Regular Expression Library

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow12 documents8 sources
Severity
9.8CRITICALNVD
EPSS
7.5%
top 8.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
PHPPcre Perl Compatible Regular Expression LibraryFedoraproject Fedora+1 more
Timeline
PublishedDec 2
Latest updateMay 13

Description

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDphp/php5.5.05.5.32+2

Also affects: Fedora 22

🔴Vulnerability Details

3
GHSA
GHSA-x66w-7mq7-3gxp: PCRE before 82022-05-13
CVEList
CVE-2015-8386: PCRE before 82015-12-02
OSV
CVE-2015-8386: PCRE before 82015-12-02

📋Vendor Advisories

3
Ubuntu
PCRE vulnerabilities2016-03-29
Red Hat
pcre: Buffer overflow caused by lookbehind assertion (8.38/6)2015-11-23
Debian
CVE-2015-8386: pcre3 - PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutuall...2015

💬Community

5
Bugzilla
CVE-2015-8386 glib2: pcre: Buffer overflow caused by lookbehind assertion [fedora-all]2015-12-02
Bugzilla
CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion [fedora-all]2015-12-02
Bugzilla
CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)2015-12-02
Bugzilla
CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused by lookbehind assertion [fedora-all]2015-12-02
Bugzilla
CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused by lookbehind assertion [epel-7]2015-12-02
CVE-2015-8386 — CRITICAL severity | cvebase