CVE-2015-8388 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl Compatible Regular Expression Library
Severity
7.5HIGHNVD
EPSS
4.2%
top 11.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 2
Latest updateMay 13
Description
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages2 packages
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2015-8388 pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8388 glib2: pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8388 mingw-pcre: pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [epel-7]↗2015-12-02
Bugzilla▶
CVE-2015-8388 mingw-pcre: pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)↗2015-06-30