CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score
Confidence: High

EPSS
Percentile: 90.1%

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
Vendor | Product | Version | CPE |
---|---|---|---|
pcre | pcre | * | cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* |
mariadb | mariadb | * | cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* |
fedoraproject | fedora | 19 | cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:* |
fedoraproject | fedora | 20 | cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* |
fedoraproject | fedora | 21 | cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* |
opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
opensuse | opensuse | 13.2 | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
oracle | solaris | 11.2 | cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:* |
redhat | enterprise_linux_desktop | 7.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_eus | 7.3 | cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* |
advisories.mageia.org/MGASA-2014-0534.html
bugs.exim.org/show_bug.cgi?id=1546
lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html
lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html
lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html
lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html
lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
rhn.redhat.com/errata/RHSA-2015-0330.html
www.exim.org/viewvc/pcre?view=revision&revision=1513
www.mandriva.com/security/advisories?name=MDVSA-2015:002
www.mandriva.com/security/advisories?name=MDVSA-2015:137
www.openwall.com/lists/oss-security/2014/11/21/6
www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
www.securityfocus.com/bid/71206
bugzilla.redhat.com/show_bug.cgi?id=1166147
security.gentoo.org/glsa/201607-02