CVE-2015-3217

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pcre:pcre2:10.10:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:pcre:pcre:7.8:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.32:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.33:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-12-13 16:59

Updated : 2024-02-28 15:44


NVD link : CVE-2015-3217

Mitre link : CVE-2015-3217

CVE.ORG link : CVE-2015-3217


JSON object : View

Products Affected

pcre

  • pcre
  • pcre2

ibm

  • powerkvm
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer