CVE-2015-8381

Name of the Vulnerable Software and Affected Versions PCRE versions prior to 8.38 PCRE2 versions prior to 10.2x

Description The issue concerns the compile regex function in PCRE and PCRE2, which mishandles certain patterns, such as /(?J:(?|(:(?|(?'R')(k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(z(?|(?'R')(k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/, allowing remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted regular expression.

Recommendations For PCRE versions prior to 8.38, update to version 8.38 or later. For PCRE2 versions prior to 10.2x, update to version 10.2x or later.