Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-8392
HistoryDec 01, 2015 - 12:00 a.m.

CVE-2015-8392

2015-12-0100:00:00
ubuntu.com
ubuntu.com
9

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%

PCRE before 8.38 mishandles certain instances of the (?| substring, which
allows remote attackers to cause a denial of service (unintended recursion
and buffer overflow) or possibly have unspecified other impact via a
crafted regular expression, as demonstrated by a JavaScript RegExp object
encountered by Konqueror, a related issue to CVE-2015-8384 and
CVE-2015-8395.

Bugs

Notes

Author Note
tyhicks Issue affects PCRE3 only Marking ‘low’ since it requires PCRE to operate on untrusted regular expressions which is not very likely
mdeslaur introduced in 8.34 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch in jessie
OSVersionArchitecturePackageVersionFilename
ubuntu15.10noarchpcre3< 2:8.35-7.1ubuntu1.3UNKNOWN

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%