The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
References
Link | Resource |
---|---|
https://bugs.exim.org/show_bug.cgi?id=1591 | Exploit Issue Tracking Permissions Required Third Party Advisory |
https://fortiguard.com/zeroday/FG-VD-15-015 | Third Party Advisory |
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List Third Party Advisory |
https://www.pcre.org/original/changelog.txt | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2020-01-14 09:15
Updated : 2022-08-05 07:29
NVD link : CVE-2015-2325
Mitre link : CVE-2015-2325
JSON object : View
Products Affected
opensuse
- opensuse
mariadb
- mariadb
pcre
- pcre
php
- php