PT-2015-5718 · Philip Hazel+5 · Pcre+5

Published

2015-05-26

·

Updated

2019-12-27

·

CVE-2015-2328

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions PCRE versions prior to 8.36
Description The issue is related to the mishandling of certain patterns with recursion, such as the /((?(R)a|(?1)))+/ pattern, which can be exploited by remote attackers to cause a denial of service, potentially leading to a segmentation fault. This can be achieved through a crafted regular expression. For example, a JavaScript RegExp object can be used to trigger this issue, as demonstrated by its encounter with Konqueror.
Recommendations For PCRE versions prior to 8.36, update to version 8.36 or later to resolve the issue.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

ALT-PU-2015-1467
CESA-2016_1025
CVE-2015-2328
RHSA-2016:1025
RHSA-2016:2750
RHSA-2016_1025
SUSE-SU-2016:2971-1
SUSE-SU-2016:3161-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
USN-2943-1

Affected Products

Alt Linux
Centos
Pcre
Red Hat
Suse
Ubuntu