CVE-2015-8381
pcre: Buffer overflow caused by duplicate named references (8.38/36)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
La función compile_regex en pcre_compile.c en PCRE en versiones anteriores a 8.38 y pcre2_compile.c en PCRE2 en versiones anteriores a 10.2x no maneja correctamente los patrones /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ y /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ , y patrones relacionados con ciertas referencias de grupo, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de una expresión regular manipulada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. Security Fixes in the rh-php56-php component have been added.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-01 CVE Reserved
- 2015-12-02 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/11/29/1 | Mailing List |
|
| http://www.securityfocus.com/bid/76187 | Third Party Advisory | |
| https://bto.bluecoat.com/security-advisory/sa128 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup | 2024-08-06 | |
| https://bugs.exim.org/show_bug.cgi?id=1667 | 2024-08-06 | |
| https://bugs.exim.org/show_bug.cgi?id=1672 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2750.html | 2018-01-05 | |
| https://access.redhat.com/errata/RHSA-2016:1132 | 2018-01-05 | |
| https://security.gentoo.org/glsa/201607-02 | 2018-01-05 | |
| https://access.redhat.com/security/cve/CVE-2015-8381 | 2016-11-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1287711 | 2016-11-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pcre Search vendor "Pcre" | Perl Compatible Regular Expression Library Search vendor "Pcre" for product "Perl Compatible Regular Expression Library" | <= 8.37 Search vendor "Pcre" for product "Perl Compatible Regular Expression Library" and version " <= 8.37" | - |
Affected
| ||||||