CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
Link Resource
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html Mailing List Third Party Advisory
https://bugs.exim.org/show_bug.cgi?id=1592 Exploit Issue Tracking Permissions Required Third Party Advisory
https://fortiguard.com/zeroday/FG-VD-15-016 Third Party Advisory
https://www.pcre.org/original/changelog.txt Release Notes Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-01-14 17:15

Updated : 2024-02-28 17:28


NVD link : CVE-2015-2326

Mitre link : CVE-2015-2326

CVE.ORG link : CVE-2015-2326


JSON object : View

Products Affected

mariadb

  • mariadb

opensuse

  • opensuse

php

  • php

pcre

  • pcre
CWE
CWE-125

Out-of-bounds Read