CVE-2015-8392 — Classic Buffer Overflow in Perl Compatible Regular Expression Library
Severity
7.5HIGHNVD
EPSS
4.4%
top 10.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 2
Latest updateMay 14
Description
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages1 packages
🔴Vulnerability Details
3📋Vendor Advisories
5💬Community
6Bugzilla▶
CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with duplicated named groups [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)↗2015-12-02
Bugzilla▶
CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)↗2015-12-02
Bugzilla▶
CVE-2015-8392 mingw-pcre: pcre: Buffer overflow caused by certain patterns with duplicated named groups [fedora-all]↗2015-12-02
Bugzilla▶
CVE-2015-8392 mingw-pcre: pcre: Buffer overflow caused by certain patterns with duplicated named groups [epel-7]↗2015-12-02