CVE-2015-8389 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl Compatible Regular Expression Library
Severity
9.8CRITICALNVD
EPSS
2.7%
top 14.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 2
Latest updateMay 17
Description
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages2 packages
Also affects: Fedora 22
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in JIT compiler when processing certain patterns [epel-7]↗2015-12-02
Bugzilla▶
CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8389 pcre: infinite recursion in JIT compiler when processing certain patterns (8.38/21)↗2015-12-02
Bugzilla▶
CVE-2015-8389 glib2: pcre: Infinite recursion in JIT compiler when processing certain patterns [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in JIT compiler when processing certain patterns [fedora-all]↗2015-12-02