Lucene search
Ubuntu.comUB:CVE-2015-8392HistoryDec 01, 2015 - 12:00 a.m.
CVE-2015-8392
2015-12-0100:00:00
ubuntu.com
ubuntu.com
12
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.025
Percentile
90.2%
PCRE before 8.38 mishandles certain instances of the (?| substring, which
allows remote attackers to cause a denial of service (unintended recursion
and buffer overflow) or possibly have unspecified other impact via a
crafted regular expression, as demonstrated by a JavaScript RegExp object
encountered by Konqueror, a related issue to CVE-2015-8384 and
CVE-2015-8395.
Bugs
Notes
| Author | Note |
|---|---|
| tyhicks | Issue affects PCRE3 only Marking ‘low’ since it requires PCRE to operate on untrusted regular expressions which is not very likely |
| mdeslaur | introduced in 8.34 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch in jessie |
References
Related
debiancve
debiancve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2015-12-02 01:59:00
Buffer overflow
2015-12-02 01:59:00
Buffer overflow
2015-12-02 01:59:00
ubuntucve
ubuntucve
nvd
nvd
cve
cve
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:34:19
Denial Of Service (DoS)
2019-05-02 05:34:18
Denial Of Service (DoS)
2019-05-02 05:34:19
f5
f5
K17235 : PCRE library vulnerability CVE-2015-3210
2015-09-08 00:00:00
K20225390 : Multiple PCRE vulnerabilities
2016-02-04 00:00:00
SOL20225390 - Multiple PCRE vulnerabilities
2016-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: mingw-pcre-8.38-1.fc22
2016-02-17 04:25:54
[SECURITY] Fedora 23 Update: mingw-pcre-8.38-1.fc23
2016-02-17 04:01:55
nessus
nessus
Fedora 22 : mingw-pcre-8.38-1.fc22 (2016-f59a8ff5d0)
2016-03-04 00:00:00
Fedora 23 : mingw-pcre-8.38-1.fc23 (2016-fd1199dbe2)
2016-03-04 00:00:00
GLSA-201607-02 : libpcre: Multiple Vulnerabilities
2016-07-11 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities Perl Compatible Regular Expression (PCRE) libraries - IBM Aspera Shares Application
2019-07-10 10:10:01
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
openwrt
openwrt
pcre: Security update (18 CVEs)
2016-01-28 12:40:02
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
symantec
symantec
SA128 : Multiple PCRE Vulnerabilities
2016-07-07 08:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2971-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3161-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-2943-1)
2016-04-11 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2016-03-29 00:00:00
redhat
redhat
(RHSA-2016:1132) Important: rh-mariadb100-mariadb security update
2016-05-26 08:10:09
suse
suse
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.025
Percentile
90.2%
Related for UB:CVE-2015-8392