// For flags

CVE-2015-5073

pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)

Severity Score

9.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

Desbordamiento de búfer basado en memoria dinámica en la función find_fixedlength en pcre_compile.c en PCRE en versiones anteriores a 8.38 permite a atacantes remotos provocar una denegación de servicio (caída) u obtener información sensible de la memoria dinámica y posiblemente eludir el mecanismo de protección ASLR a través de una expresión regular manipulada con un paréntesis de cierre excesivo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-06-26 CVE Reserved
  • 2015-08-03 CVE Published
  • 2024-03-15 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-122: Heap-based Buffer Overflow
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
Powerkvm
Search vendor "Ibm" for product "Powerkvm"
2.1
Search vendor "Ibm" for product "Powerkvm" and version "2.1"
-
Affected
Ibm
Search vendor "Ibm"
Powerkvm
Search vendor "Ibm" for product "Powerkvm"
3.1
Search vendor "Ibm" for product "Powerkvm" and version "3.1"
-
Affected
Pcre
Search vendor "Pcre"
Pcre
Search vendor "Pcre" for product "Pcre"
<= 8.37
Search vendor "Pcre" for product "Pcre" and version " <= 8.37"
-
Affected