Lucene search
Ubuntu.comUB:CVE-2015-2328HistoryDec 01, 2015 - 12:00 a.m.
CVE-2015-2328
2015-12-0100:00:00
ubuntu.com
ubuntu.com
7
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.3%
PCRE before 8.36 mishandles the /((?®a|(?1)))+/ pattern and related
patterns with certain recursion, which allows remote attackers to cause a
denial of service (segmentation fault) or possibly have unspecified other
impact via a crafted regular expression, as demonstrated by a JavaScript
RegExp object encountered by Konqueror.
Bugs
Notes
| Author | Note |
|---|---|
| sbeattie | since 2.0.0, mongodb packages use system pcre |
| tyhicks | Issue affects PCRE3 only Marking ‘low’ since it requires PCRE to operate on untrusted regular expressions which is not very likely |
| mdeslaur | 0001-Fix-compile-time-loop-for-recursive-reference-within.patch in jessie |
Related
cve
cve
CVE-2015-2328
2015-12-02 01:59:00
debiancve
debiancve
CVE-2015-2328
2015-12-02 01:59:00
prion
prion
Code injection
2015-12-02 01:59:00
ibm
ibm
Security Bulletin:Multiple vulnerabilities in PCRE affect IBM Tivoli Network Manager IP Edition
2018-06-17 15:28:51
Security Bulletin: Multiple vulnerabilities in PCRE library affect IBM Tealeaf Customer Experience
2018-06-16 20:03:39
Security Bulletin: Multiple vulnerabilities in PCRE affect PowerKVM
2018-06-18 01:32:32
nessus
nessus
Scientific Linux Security Update : pcre on SL7.x x86_64 (20160511)
2016-05-12 00:00:00
EulerOS 2.0 SP1 : pcre (EulerOS-SA-2016-1023)
2017-05-01 00:00:00
RHEL 7 : pcre (RHSA-2016:1025)
2016-05-12 00:00:00
centos
centos
pcre security update
2016-05-13 00:44:08
openvas
openvas
RedHat Update for pcre RHSA-2016:1025-01
2016-06-03 00:00:00
CentOS Update for pcre CESA-2016:1025 centos7
2016-05-17 00:00:00
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2016-1023)
2020-01-23 00:00:00
oraclelinux
oraclelinux
pcre security update
2016-05-11 00:00:00
redhat
redhat
(RHSA-2016:1025) Important: pcre security update
2016-05-11 11:17:05
f5
f5
SOL20225390 - Multiple PCRE vulnerabilities
2016-02-04 00:00:00
K20225390 : Multiple PCRE vulnerabilities
2016-02-04 00:00:00
openwrt
openwrt
pcre: Security update (18 CVEs)
2016-01-28 12:40:02
ubuntu
ubuntu
PCRE vulnerabilities
2016-03-29 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 06:02:23
Denial Of Service (DoS) Through Memory Corruption
2019-05-02 06:02:24
Denial Of Service (DoS)
2019-05-02 06:02:17
suse
suse
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.3%
Related for UB:CVE-2015-2328