PT-2015-5718 · Philip Hazel+5 · Pcre+5

Publicado

2015-05-26

Atualizado

2019-12-27

CVE-2015-2328

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PCRE versions prior to 8.36

Description The issue is related to the mishandling of certain patterns with recursion, such as the /((?(R)a|(?1)))+/ pattern, which can be exploited by remote attackers to cause a denial of service, potentially leading to a segmentation fault. This can be achieved through a crafted regular expression. For example, a JavaScript RegExp object can be used to trigger this issue, as demonstrated by its encounter with Konqueror.

Recommendations For PCRE versions prior to 8.36, update to version 8.36 or later to resolve the issue.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-19

Identificadores relacionados

ALT-PU-2015-1467

CESA-2016_1025

CVE-2015-2328

RHSA-2016:1025

RHSA-2016:2750

RHSA-2016_1025

SUSE-SU-2016:2971-1

SUSE-SU-2016:3161-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-2943-1

Produtos afetados

Alt Linux

Centos

Pcre

Red Hat

Suse

Ubuntu

PT-2015-5718 · Philip Hazel+5 · Pcre+5

CVE-2015-2328

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 143