CVE-2015-8390 — Use of Uninitialized Resource in Perl Compatible Regular Expression Library
Severity
9.8CRITICALNVD
EPSS
2.9%
top 13.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 2
Latest updateMay 17
Description
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages2 packages
Also affects: Fedora 22
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8390 pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)↗2015-12-02
Bugzilla▶
CVE-2015-8390 glib2: pcre: Reading from uninitialized memory when processing certain patterns [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8390 mingw-pcre: pcre: Reading from uninitialized memory when processing certain patterns [epel-7]↗2015-12-02
Bugzilla▶
CVE-2015-8390 mingw-pcre: pcre: Reading from uninitialized memory when processing certain patterns [fedora-all]↗2015-12-02