Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-8395
HistoryDec 01, 2015 - 12:00 a.m.

CVE-2015-8395

2015-12-0100:00:00
ubuntu.com
ubuntu.com
13

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.025

Percentile

90.2%

PCRE before 8.38 mishandles certain references, which allows remote
attackers to cause a denial of service or possibly have unspecified other
impact via a crafted regular expression, as demonstrated by a JavaScript
RegExp object encountered by Konqueror, a related issue to CVE-2015-8384
and CVE-2015-8392.

Bugs

Notes

Author Note
tyhicks Issue affects PCRE3 only Marking ‘low’ since it requires PCRE to operate on untrusted regular expressions which is not very likely
mdeslaur introduced in 8.34 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch in jessie
OSVersionArchitecturePackageVersionFilename
ubuntu15.10noarchpcre3< 2:8.35-7.1ubuntu1.3UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.025

Percentile

90.2%