Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-8384
HistoryDec 01, 2015 - 12:00 a.m.

CVE-2015-8384

2015-12-0100:00:00
ubuntu.com
ubuntu.com
13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.137 Low

EPSS

Percentile

95.7%

PCRE before 8.38 mishandles the /(?J)(?‘d’(?‘d’\g{d}))/ pattern and related
patterns with certain recursive back references, which allows remote
attackers to cause a denial of service (buffer overflow) or possibly have
unspecified other impact via a crafted regular expression, as demonstrated
by a JavaScript RegExp object encountered by Konqueror, a related issue to
CVE-2015-8392 and CVE-2015-8395.

Bugs

Notes

Author Note
tyhicks Issue affects PCRE3 only Marking ‘low’ since it requires PCRE to operate on untrusted regular expressions which is not very likely Per Debian, the fix for CVE-2015-3210 also fixes this issue
mdeslaur introduced in 8.34 CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch in jessie
OSVersionArchitecturePackageVersionFilename
ubuntu15.10noarchpcre3< 2:8.35-7.1ubuntu1.3UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.137 Low

EPSS

Percentile

95.7%