Lucene search
Ubuntu.comUB:CVE-2015-8385HistoryDec 01, 2015 - 12:00 a.m.
CVE-2015-8385
2015-12-0100:00:00
ubuntu.com
ubuntu.com
9
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.4%
PCRE before 8.38 mishandles the /(?|(\k’Pm’)|(?‘Pm’))/ pattern and related
patterns with certain forward references, which allows remote attackers to
cause a denial of service (buffer overflow) or possibly have unspecified
other impact via a crafted regular expression, as demonstrated by a
JavaScript RegExp object encountered by Konqueror.
Bugs
Notes
| Author | Note |
|---|---|
| tyhicks | Issue affects PCRE3 only Marking ‘low’ since it requires PCRE to operate on untrusted regular expressions which is not very likely |
| mdeslaur | 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch in jessie |
References
Related
cve
cve
CVE-2015-8385
2015-12-02 01:59:00
prion
prion
Buffer overflow
2015-12-02 01:59:00
debiancve
debiancve
CVE-2015-8385
2015-12-02 01:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:34:18
Denial Of Service (DoS)
2019-05-02 06:02:17
Denial Of Service (DoS)
2019-05-02 06:02:19
redhat
redhat
(RHSA-2016:1025) Important: pcre security update
2016-05-11 11:17:05
(RHSA-2016:1132) Important: rh-mariadb100-mariadb security update
2016-05-26 08:10:09
openvas
openvas
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2016-1023)
2020-01-23 00:00:00
RedHat Update for pcre RHSA-2016:1025-01
2016-06-03 00:00:00
CentOS Update for pcre CESA-2016:1025 centos7
2016-05-17 00:00:00
centos
centos
pcre security update
2016-05-13 00:44:08
oraclelinux
oraclelinux
pcre security update
2016-05-11 00:00:00
ibm
ibm
nessus
nessus
CentOS 7 : pcre (CESA-2016:1025)
2016-05-13 00:00:00
Oracle Linux 7 : pcre (ELSA-2016-1025)
2016-05-12 00:00:00
Scientific Linux Security Update : pcre on SL7.x x86_64 (20160511)
2016-05-12 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: mingw-pcre-8.38-1.fc22
2016-02-17 04:25:54
[SECURITY] Fedora 23 Update: mingw-pcre-8.38-1.fc23
2016-02-17 04:01:55
symantec
symantec
SA128 : Multiple PCRE Vulnerabilities
2016-07-07 08:00:00
f5
f5
SOL20225390 - Multiple PCRE vulnerabilities
2016-02-04 00:00:00
K20225390 : Multiple PCRE vulnerabilities
2016-02-04 00:00:00
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
openwrt
openwrt
pcre: Security update (18 CVEs)
2016-01-28 12:40:02
ubuntu
ubuntu
PCRE vulnerabilities
2016-03-29 00:00:00
suse
suse
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.4%
Related for UB:CVE-2015-8385