CVE-2015-8383
pcre: Buffer overflow caused by repeated conditional group (8.38/3)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
PCRE en versiones anteriores a 8.38 no maneja correctamente ciertos grupos condicionales repetidos, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de una expresión regular manipulada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. Security Fixes in the rh-php56-php component have been added.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-01 CVE Reserved
- 2015-12-02 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup | Broken Link | |
| http://www.openwall.com/lists/oss-security/2015/11/29/1 | Mailing List |
|
| https://bto.bluecoat.com/security-advisory/sa128 | Third Party Advisory | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20230216-0002 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html | 2023-02-16 | |
| http://rhn.redhat.com/errata/RHSA-2016-2750.html | 2023-02-16 | |
| https://access.redhat.com/errata/RHSA-2016:1132 | 2023-02-16 | |
| https://security.gentoo.org/glsa/201607-02 | 2023-02-16 | |
| https://access.redhat.com/security/cve/CVE-2015-8383 | 2016-11-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1287614 | 2016-11-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pcre Search vendor "Pcre" | Perl Compatible Regular Expression Library Search vendor "Pcre" for product "Perl Compatible Regular Expression Library" | <= 8.37 Search vendor "Pcre" for product "Perl Compatible Regular Expression Library" and version " <= 8.37" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 22 Search vendor "Fedoraproject" for product "Fedora" and version "22" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.5.0 < 5.5.32 Search vendor "Php" for product "Php" and version " >= 5.5.0 < 5.5.32" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.6.0 < 5.6.18 Search vendor "Php" for product "Php" and version " >= 5.6.0 < 5.6.18" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.0.0 < 7.0.3 Search vendor "Php" for product "Php" and version " >= 7.0.0 < 7.0.3" | - |
Affected
| ||||||