Lucene search

K
cve[email protected]CVE-2015-8392
HistoryDec 02, 2015 - 1:59 a.m.

CVE-2015-8392

2015-12-0201:59:16
CWE-119
web.nvd.nist.gov
55
cve-2015-8392
pcre
denial of service
buffer overflow
regex
remote code execution

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.

Affected configurations

NVD
Node
pcreperl_compatible_regular_expression_libraryRange≤8.37

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%