PT-2015-5715 · Pcre+4 · Pcre+4

Published

2015-04-01

·

Updated

2024-06-15

·

CVE-2015-2325

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PCRE versions prior to 8.37
Description The issue allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
Recommendations For versions prior to 8.37, update to version 8.37 or later to resolve the issue. As a temporary workaround, consider restricting the use of the compile branch function until a patch is available. Avoid using regular expressions with groups that contain forward references repeated a large number of times within repeated outer groups that have a zero minimum quantifier.

Exploit

Fix

DoS

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALT-PU-2015-1467
ALT-PU-2015-1749
CVE-2015-2325
OPENSUSE-SU-2015_1216-1
OPENSUSE-SU-2024:10277-1
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:10447-1
RHSA-2016:2750
SUSE-SU-2015:1273-1
SUSE-SU-2016:2971-1
SUSE-SU-2016:3161-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
USN-2694-1
USN-2943-1

Affected Products

Alt Linux
Mariadb Server
Pcre
Suse
Ubuntu