Lucene search

Ubuntu.comUB:CVE-2015-8384

HistoryDec 01, 2015 - 12:00 a.m.

CVE-2015-8384

2015-12-0100:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON

PCRE before 8.38 mishandles the /(?J)(?‘d’(?‘d’\g{d}))/ pattern and related
patterns with certain recursive back references, which allows remote
attackers to cause a denial of service (buffer overflow) or possibly have
unspecified other impact via a crafted regular expression, as demonstrated
by a JavaScript RegExp object encountered by Konqueror, a related issue to
CVE-2015-8392 and CVE-2015-8395.

Bugs

Notes

Author	Note
tyhicks	Issue affects PCRE3 only Marking ‘low’ since it requires PCRE to operate on untrusted regular expressions which is not very likely Per Debian, the fix for CVE-2015-3210 also fixes this issue
mdeslaur	introduced in 8.34 CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch in jessie

OSVersionArchitecturePackageVersionFilename
ubuntu15.10noarchpcre3< 2:8.35-7.1ubuntu1.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	15.10	noarch	pcre3	< 2:8.35-7.1ubuntu1.3	UNKNOWN

References

vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

www.openwall.com/lists/oss-security/2015/11/29/1

launchpad.net/bugs/cve/CVE-2015-8384

nvd.nist.gov/vuln/detail/CVE-2015-8384

security-tracker.debian.org/tracker/CVE-2015-8384

ubuntu.com/security/notices/USN-2943-1

www.cve.org/CVERecord?id=CVE-2015-8384

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON

Related for UB:CVE-2015-8384