Vulnerability Details CVE-2015-8392
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.079
EPSS Ranking 91.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
- http://www.openwall.com/lists/oss-security/2015/11/29/1
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bto.bluecoat.com/security-advisory/sa128
- https://security.gentoo.org/glsa/201607-02
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
- http://www.openwall.com/lists/oss-security/2015/11/29/1
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bto.bluecoat.com/security-advisory/sa128
- https://security.gentoo.org/glsa/201607-02
Products affected by CVE-2015-8392
-
cpe:2.3:a:pcre:perl_compatible_regular_expression_library:8.36
-
cpe:2.3:a:pcre:perl_compatible_regular_expression_library:8.37