What is CVE-2015-8380?

CVE-2015-8380 is a vulnerability in Pcre Perl_compatible_regular_expression_library, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-12-02.

Is CVE-2015-8380 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Pcre Perl_compatible_regular_expression_library

CVE-2015-8380

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a cr…

Vulnerability class: Buffer Overflow

EPSS: 0.012 (79.6th percentile) — read the EPSS interpretation.

Affected products

Pcre Perl_compatible_regular_expression_library
Fedoraproject Fedora — versions 22
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

[oss-security] 20151128 Re: Heap Overflow in PCRE (mailing-list, x_refsource_MLIST, Exploit)
cve@mitre.org (x_refsource_CONFIRM, Exploit)
cve@mitre.org (Third Party Advisory, x_refsource_MISC)
FEDORA-2015-afafa29551 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
77695 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Exploit)
GLSA-201607-02 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2015-8380?: CVE-2015-8380 is a vulnerability in Pcre Perl_compatible_regular_expression_library, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-12-02.
Is CVE-2015-8380 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.