Buffer overflow in Pcre Perl_compatible_regular_expression_library

CVE-2015-8392

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expre…

Vulnerability class: Buffer Overflow

EPSS: 0.044 (89.2th percentile) — read the EPSS interpretation.

Affected products

Pcre Perl_compatible_regular_expression_library
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

[oss-security] 20151128 Re: Heap Overflow in PCRE (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
RHSA-2016:1132 (x_refsource_REDHAT, vendor-advisory)
RHSA-2016:2750 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
GLSA-201607-02 (vendor-advisory, x_refsource_GENTOO)