Buffer overflow in Pcre Perl_compatible_regular_expression_library

CVE-2015-8384

PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other im…

Vulnerability class: Buffer Overflow

EPSS: 0.012 (79.2th percentile) — read the EPSS interpretation.

Affected products

Pcre Perl_compatible_regular_expression_library
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

[oss-security] 20151128 Re: Heap Overflow in PCRE (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
RHSA-2016:1132 (x_refsource_REDHAT, vendor-advisory)
RHSA-2016:2750 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Release Notes)
GLSA-201607-02 (vendor-advisory, x_refsource_GENTOO)