Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384. (CVE-2015-3210)
Impact
An locally authenticated attacker may be able to execute arbitrary code in the context of the user running the affected application when the vulnerability is exploited. However, affected F5 products that contain the vulnerable software component do not use the components in a way which exposes this vulnerability.