PT-2015-5715 · Pcre+4 · Pcre+4

Publicado

2015-04-01

Atualizado

2024-06-15

CVE-2015-2325

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PCRE versions prior to 8.37

Description The issue allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

Recommendations For versions prior to 8.37, update to version 8.37 or later to resolve the issue. As a temporary workaround, consider restricting the use of the compile branch function until a patch is available. Avoid using regular expressions with groups that contain forward references repeated a large number of times within repeated outer groups that have a zero minimum quantifier.

Exploit

Correção

DoS

Out of bounds Read

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-787

Identificadores relacionados

ALT-PU-2015-1467

ALT-PU-2015-1749

CVE-2015-2325

OPENSUSE-SU-2015_1216-1

OPENSUSE-SU-2024:10277-1

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:10447-1

RHSA-2016:2750

SUSE-SU-2015:1273-1

SUSE-SU-2016:2971-1

SUSE-SU-2016:3161-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-2694-1

USN-2943-1

Produtos afetados

Alt Linux

Mariadb Server

Pcre

Suse

Ubuntu

PT-2015-5715 · Pcre+4 · Pcre+4

CVE-2015-2325

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 390