CVE-2016-1283
pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
La función pcre_compile2 en pcre_compile.c en PCRE 8.38 no maneja correctamente el patrón /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ y los patrones relacionados con los subgrupos nombrados, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de una expresión regular manipulada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-02 CVE Reserved
- 2016-01-03 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/79825 | Third Party Advisory | |
| http://www.securitytracker.com/id/1034555 | Broken Link | |
| https://www.tenable.com/security/tns-2016-18 | Third Party Advisory | |
| https://www.tenable.com/security/tns-2017-14 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pcre Search vendor "Pcre" | Pcre Search vendor "Pcre" for product "Pcre" | 8.38 Search vendor "Pcre" for product "Pcre" and version "8.38" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.6.0 < 5.6.32 Search vendor "Php" for product "Php" and version " >= 5.6.0 < 5.6.32" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.0.0 < 7.0.25 Search vendor "Php" for product "Php" and version " >= 7.0.0 < 7.0.25" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.1.0 < 7.1.11 Search vendor "Php" for product "Php" and version " >= 7.1.0 < 7.1.11" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 22 Search vendor "Fedoraproject" for product "Fedora" and version "22" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 23 Search vendor "Fedoraproject" for product "Fedora" and version "23" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | 11.3 Search vendor "Oracle" for product "Solaris" and version "11.3" | - |
Affected
| ||||||