CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
Link Resource
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html Mailing List Third Party Advisory
https://bugs.exim.org/show_bug.cgi?id=1592 Exploit Issue Tracking Permissions Required Third Party Advisory
https://fortiguard.com/zeroday/FG-VD-15-016 Third Party Advisory
https://www.pcre.org/original/changelog.txt Release Notes Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html Mailing List Third Party Advisory
https://bugs.exim.org/show_bug.cgi?id=1592 Exploit Issue Tracking Permissions Required Third Party Advisory
https://fortiguard.com/zeroday/FG-VD-15-016 Third Party Advisory
https://www.pcre.org/original/changelog.txt Release Notes Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:27

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html - Mailing List, Third Party Advisory
References () https://bugs.exim.org/show_bug.cgi?id=1592 - Exploit, Issue Tracking, Permissions Required, Third Party Advisory () https://bugs.exim.org/show_bug.cgi?id=1592 - Exploit, Issue Tracking, Permissions Required, Third Party Advisory
References () https://fortiguard.com/zeroday/FG-VD-15-016 - Third Party Advisory () https://fortiguard.com/zeroday/FG-VD-15-016 - Third Party Advisory
References () https://www.pcre.org/original/changelog.txt - Release Notes, Third Party Advisory () https://www.pcre.org/original/changelog.txt - Release Notes, Third Party Advisory

Information

Published : 2020-01-14 17:15

Updated : 2024-11-21 02:27


NVD link : CVE-2015-2326

Mitre link : CVE-2015-2326

CVE.ORG link : CVE-2015-2326


JSON object : View

Products Affected

php

  • php

pcre

  • pcre

opensuse

  • opensuse

mariadb

  • mariadb
CWE
CWE-125

Out-of-bounds Read