CVE-2015-8388
published 2015-12-02CVE-2015-8388: PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pcre3 | < pcre3 2:8.35-7 (bookworm) | pcre3 2:8.35-7 (bookworm) |
| oracle | linux | — | — |
| pcre | perl_compatible_regular_expression_library | <= 8.37 | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH