CVE-2015-8387

2015-12-02 02:59:11 2017-07-01 03:29:25

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Fedora 22

Pcre Perl compatible regular expression library 8.37 (not an official CPE)

Fedoraproject - Fedora Pcre - Perl compatible regular expression library

Advisory	Patch	Confirmed	Link
			https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/d...
			82990
			[oss-security] 20151128 Re: Heap Overflow in PCRE
			https://bto.bluecoat.com/security-advisory/sa128
			http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=marku...
			FEDORA-2015-eb896290d3
			GLSA-201607-02

CVE-2015-8387

2015-12-02 02:59:11 2017-07-01 03:29:25

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)