CVE-2015-8391 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Pcre
Severity
9.8CRITICALNVD
EPSS
6.4%
top 8.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 2
Latest updateMay 14
Description
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
Also affects: Fedora 22, Enterprise Linux 7.2, 7.3, 7.4, 7.5, 7.6, 7.7
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2015-8391 glib2: pcre: Some pathological patterns causes pcre_compile() to run for a very long time [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8391 mingw-pcre: pcre: Some pathological patterns causes pcre_compile() to run for a very long time [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8391 mingw-pcre: pcre: Some pathological patterns causes pcre_compile() to run for a very long time [epel-7]↗2015-12-02
Bugzilla▶
CVE-2015-8391 pcre: Some pathological patterns causes pcre_compile() to run for a very long time [fedora-all]↗2015-12-02