Lucene search
Ubuntu.comUB:CVE-2014-8964HistoryDec 16, 2014 - 12:00 a.m.
CVE-2014-8964
2014-12-1600:00:00
ubuntu.com
ubuntu.com
11
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.029 Low
EPSS
Percentile
90.6%
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers
to cause a denial of service (crash) or have other unspecified impact via a
crafted regular expression, related to an assertion that allows zero
repeats.
Bugs
- <http://bugs.exim.org/show_bug.cgi?id=1546>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770478>
- <https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1396768>
Notes
| Author | Note |
|---|---|
| seth-arnold | exploiting this requires allowing untrusted input as the regular expression; that’s usually not allowed for performance reasons but the regex engine shouldn’t allow overflows on untrusted inputs. |
| mdeslaur | reproducer in upstream bug does not reproduce in precise |
Related
nessus
nessus
Fedora 19 : pcre-8.32-12.fc19 (2014-16224)
2014-12-22 00:00:00
Mandriva Linux Security Advisory : pcre (MDVSA-2015:002)
2015-01-06 00:00:00
Fedora 21 : mingw-pcre-8.35-1.fc21 (2014-17642)
2015-01-06 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mingw-pcre-8.33-4.fc19
2015-01-05 07:40:08
[SECURITY] Fedora 19 Update: pcre-8.32-12.fc19
2014-12-19 18:27:20
[SECURITY] Fedora 20 Update: mingw-pcre-8.33-4.fc20
2015-01-05 07:33:53
prion
prion
Heap overflow
2014-12-16 18:59:00
cve
cve
CVE-2014-8964
2014-12-16 18:59:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-528)
2015-09-08 00:00:00
Fedora Update for mingw-pcre FEDORA-2014-17624
2015-01-05 00:00:00
Oracle: Security Advisory (ELSA-2015-0330)
2015-10-06 00:00:00
archlinux
archlinux
pcre: heap buffer overflow
2014-11-26 00:00:00
mariadb-clients: denial of service
2015-05-08 00:00:00
mariadb: denial of service
2015-05-08 00:00:00
redhat
redhat
(RHSA-2015:0330) Low: pcre security and enhancement update
2015-03-05 00:00:00
debiancve
debiancve
CVE-2014-8964
2014-12-16 18:59:00
securityvulns
securityvulns
[ MDVSA-2015:002 ] pcre
2015-01-13 00:00:00
PCRE buffer overflow
2015-01-13 00:00:00
[USN-2694-1] PCRE vulnerabilities
2015-08-02 00:00:00
amazon
amazon
Low: pcre
2015-05-27 14:03:00
oraclelinux
oraclelinux
pcre security and enhancement update
2015-03-09 00:00:00
mariadbunix
mariadbunix
CVE-2014-8964
2014-12-16 18:59:00
mageia
mageia
Updated pcre packages fix security vulnerability
2014-12-19 18:06:35
centos
centos
pcre security update
2015-03-17 13:29:30
ubuntu
ubuntu
PCRE vulnerabilities
2015-07-29 00:00:00
n0where
n0where
MongoDB Security Audit: mongoaudit
2017-02-16 06:05:56
kitploit
kitploit
mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool
2017-02-22 14:04:00
suse
suse
Security update for mariadb (important)
2015-07-21 16:08:23
Security update for MariaDB (important)
2015-07-09 17:08:05
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.029 Low
EPSS
Percentile
90.6%
Related for UB:CVE-2014-8964