CVE-2015-8385

Name of the Vulnerable Software and Affected Versions PCRE versions prior to 8.38

Description The issue concerns a denial of service (buffer overflow) that can be caused by remote attackers through crafted regular expressions. This can potentially have other unspecified impacts. The problem is demonstrated by a JavaScript RegExp object encountered by Konqueror, specifically with the /(?|(k'Pm')|(?'Pm'))/ pattern and related patterns that contain certain forward references.

Recommendations For versions prior to 8.38, update to version 8.38 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted regular expressions that may trigger the buffer overflow until a patch is applied. Avoid using the RegExp object with the vulnerable pattern in affected applications to minimize the risk of exploitation.