Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2015-2327
HistoryDec 01, 2015 - 12:00 a.m.

CVE-2015-2327

2015-12-0100:00:00
ubuntu.com
ubuntu.com
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.3%

JSON

PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related
patterns with certain internal recursive back references, which allows
remote attackers to cause a denial of service (segmentation fault) or
possibly have unspecified other impact via a crafted regular expression, as
demonstrated by a JavaScript RegExp object encountered by Konqueror.

Bugs

Notes

Author Note
sbeattie mongodb package uses system pcre since 2.0.0
tyhicks Issue affects PCRE3 only Marking ‘low’ since it requires PCRE to operate on untrusted regular expressions which is not very likely
mdeslaur CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch in jessie
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchpcre3< 8.12-4ubuntu0.2UNKNOWN
ubuntu14.04noarchpcre3< 1:8.31-2ubuntu2.1UNKNOWN
ubuntu15.10noarchpcre3< 2:8.35-7.1ubuntu1.3UNKNOWN

Related

securityvulns 2
ubuntucve 6
nessus 46
openvas 26
ubuntu 2
freebsd 3
fedora 5
prion 5
f5 8
cve 5
debiancve 5
mariadbunix 2
veracode 60
slackware 3
archlinux 1
mageia 1
ibm 5
openwrt 1
amazon 6
rosalinux 1
suse 2
redhat 2
centos 1
oraclelinux 1
securityvulns
securityvulns
PCRE multiple security vulnerabilities
2015-08-02 00:00:00
[USN-2694-1] PCRE vulnerabilities
2015-08-02 00:00:00
ubuntucve
ubuntucve
CVE-2015-5073
2015-06-26 00:00:00
CVE-2015-2325
2015-04-01 00:00:00
CVE-2015-2326
2015-04-01 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : PCRE vulnerabilities (USN-2694-1)
2015-07-30 00:00:00
FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)
2015-05-26 00:00:00
Fedora 22 : pcre-8.37-2.fc22 (2015-11027)
2015-07-14 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2694-1)
2015-07-30 00:00:00
Fedora Update for pcre FEDORA-2015-11027
2015-07-14 00:00:00
Fedora Update for pcre FEDORA-2015-12921
2015-08-14 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2015-07-29 00:00:00
PCRE vulnerabilities
2016-03-29 00:00:00
freebsd
freebsd
pcre -- multiple vulnerabilities
2015-04-28 00:00:00
pcre -- Heap Overflow Vulnerability in find_fixedlength()
2015-06-23 00:00:00
pcre -- multiple vulnerabilities
2015-05-29 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: pcre-8.37-3.fc22
2015-08-13 16:57:41
[SECURITY] Fedora 22 Update: pcre-8.37-2.fc22
2015-07-13 19:13:55
[SECURITY] Fedora 21 Update: pcre-8.35-12.fc21
2015-07-18 02:05:10
prion
prion
Out-of-bounds
2020-01-14 17:15:00
Out-of-bounds
2020-01-14 17:15:00
Code injection
2015-12-02 01:59:00
f5
f5
SOL16983 - PCRE library vulnerability CVE-2015-2325
2015-07-22 00:00:00
K16983 : PCRE library vulnerability CVE-2015-2325
2015-07-22 00:00:00
SOL17235 - PCRE library vulnerability CVE-2015-3210
2015-09-08 00:00:00
cve
cve
CVE-2015-2325
2020-01-14 17:15:00
CVE-2015-2327
2015-12-02 01:59:00
CVE-2015-2326
2020-01-14 17:15:00
debiancve
debiancve
CVE-2015-2325
2020-01-14 17:15:00
CVE-2015-2326
2020-01-14 17:15:00
CVE-2015-2327
2015-12-02 01:59:00
mariadbunix
mariadbunix
CVE-2015-2326
2020-01-14 17:15:00
CVE-2015-2325
2020-01-14 17:15:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 06:02:14
Denial Of Service (DoS)
2019-05-02 05:34:18
Arbitrary Code Execution
2019-01-15 09:11:36
slackware
slackware
[slackware-security] pcre
2015-11-25 07:21:21
[slackware-security] php
2015-06-11 23:01:25
[slackware-security] php
2015-07-17 20:25:21
archlinux
archlinux
pcre: buffer overflow
2015-06-05 00:00:00
mageia
mageia
Updated pcre package fixes security vulnerability
2015-07-05 20:22:03
ibm
ibm
Security Bulletin: Multiple vulnerabilities in PCRE library affect IBM Tealeaf Customer Experience
2018-06-16 20:03:39
Security Bulletin:Multiple vulnerabilities in PCRE affect IBM Tivoli Network Manager IP Edition
2018-06-17 15:28:51
Security Bulletin: Multiple vulnerabilities in PCRE affect PowerKVM
2018-06-18 01:32:32
openwrt
openwrt
php: Security update (7 CVEs)
2016-01-28 12:23:45
amazon
amazon
Important: php56
2015-06-02 22:22:00
Important: php54
2015-06-02 22:20:00
Medium: php56
2015-07-07 12:40:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
suse
suse
Security update for mariadb (important)
2015-07-21 16:08:23
Security update for MariaDB (important)
2015-07-09 17:08:05
redhat
redhat
(RHSA-2016:1025) Important: pcre security update
2016-05-11 11:17:05
(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update
2016-11-15 11:13:31
centos
centos
pcre security update
2016-05-13 00:44:08
oraclelinux
oraclelinux
pcre security update
2016-05-11 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.3%

JSON
Related for UB:CVE-2015-2327
securityvulns2ubuntucve6nessus46openvas26ubuntu2freebsd3fedora5prion5f58cve5debiancve5mariadbunix2veracode60slackware3archlinux1mageia1ibm5openwrt1amazon6rosalinux1suse2redhat2centos1oraclelinux1