Buffer overflow in Pcre Perl_compatible_regular_expression_library

CVE-2015-8395

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountere…

Vulnerability class: Buffer Overflow

EPSS: 0.024 (85.4th percentile) — read the EPSS interpretation.

Affected products

Pcre Perl_compatible_regular_expression_library
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

[oss-security] 20151128 Re: Heap Overflow in PCRE (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
RHSA-2016:1132 (x_refsource_REDHAT, vendor-advisory)
RHSA-2016:2750 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Release Notes)
GLSA-201607-02 (vendor-advisory, x_refsource_GENTOO)