The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List Third Party Advisory |
https://bugs.exim.org/show_bug.cgi?id=1592 | Exploit Issue Tracking Permissions Required Third Party Advisory |
https://fortiguard.com/zeroday/FG-VD-15-016 | Third Party Advisory |
https://www.pcre.org/original/changelog.txt | Release Notes Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2020-01-14 17:15
Updated : 2024-02-28 17:28
NVD link : CVE-2015-2326
Mitre link : CVE-2015-2326
CVE.ORG link : CVE-2015-2326
JSON object : View
Products Affected
mariadb
- mariadb
opensuse
- opensuse
php
- php
pcre
- pcre
CWE
CWE-125
Out-of-bounds Read