The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List Third Party Advisory |
https://bugs.exim.org/show_bug.cgi?id=1592 | Exploit Issue Tracking Permissions Required Third Party Advisory |
https://fortiguard.com/zeroday/FG-VD-15-016 | Third Party Advisory |
https://www.pcre.org/original/changelog.txt | Release Notes Third Party Advisory |
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List Third Party Advisory |
https://bugs.exim.org/show_bug.cgi?id=1592 | Exploit Issue Tracking Permissions Required Third Party Advisory |
https://fortiguard.com/zeroday/FG-VD-15-016 | Third Party Advisory |
https://www.pcre.org/original/changelog.txt | Release Notes Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 02:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html - Mailing List, Third Party Advisory | |
References | () https://bugs.exim.org/show_bug.cgi?id=1592 - Exploit, Issue Tracking, Permissions Required, Third Party Advisory | |
References | () https://fortiguard.com/zeroday/FG-VD-15-016 - Third Party Advisory | |
References | () https://www.pcre.org/original/changelog.txt - Release Notes, Third Party Advisory |
Information
Published : 2020-01-14 17:15
Updated : 2024-11-21 02:27
NVD link : CVE-2015-2326
Mitre link : CVE-2015-2326
CVE.ORG link : CVE-2015-2326
JSON object : View
Products Affected
php
- php
pcre
- pcre
opensuse
- opensuse
mariadb
- mariadb
CWE
CWE-125
Out-of-bounds Read