CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 0CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)
https://notcve.org/view.php?id=CVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidación [: , lo que permite a atacantes remotos causar una denegación de servicio (consumo de CPU) o posiblemente tener otro impacto no especificado a través de una expresión regular manipulada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html http://rhn.redhat.com/errata/RHSA-2016-1025.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.openwall.com/lists/oss-security/2015/11/29/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/82990 https:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.8EPSS: 13%CPEs: 5EXPL: 1CVE-2015-3210 – pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
https://notcve.org/view.php?id=CVE-2015-3210
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(? • http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2015/06/01/7 http://www.openwall.com/lists/oss-security/2015/12/02/11 http://www.securityfocus.com/bid/74934 https://access.redhat.com/errata/RHSA-2016:1132 https://bugs.exim.org/show_bug.cgi?id=1636 https://access.redhat.com/security/cve/CVE-2015-3210 https://bugzilla.redhat.com/show_bug.cgi?id=1287623 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 3%CPEs: 3EXPL: 2CVE-2015-5073 – pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
https://notcve.org/view.php?id=CVE-2015-5073
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. Desbordamiento de búfer basado en memoria dinámica en la función find_fixedlength en pcre_compile.c en PCRE en versiones anteriores a 8.38 permite a atacantes remotos provocar una denegación de servicio (caída) u obtener información sensible de la memoria dinámica y posiblemente eludir el mecanismo de protección ASLR a través de una expresión regular manipulada con un paréntesis de cierre excesivo. • http://rhn.redhat.com/errata/RHSA-2016-1025.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup http://vcs.pcre.org/pcre?view=revision&revision=1571 http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.openwall.com/lists/oss-security/2015/06/26/1 http://www.openwall.com/lists/oss-security/2015/06/26/3 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •