The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
Link | Resource |
---|---|
https://bugs.exim.org/show_bug.cgi?id=1592 | Exploit Issue Tracking Permissions Required Third Party Advisory |
https://fortiguard.com/zeroday/FG-VD-15-016 | Third Party Advisory |
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List Third Party Advisory |
https://www.pcre.org/original/changelog.txt | Release Notes Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2020-01-14 09:15
Updated : 2023-01-19 08:38
NVD link : CVE-2015-2326
Mitre link : CVE-2015-2326
JSON object : View
CWE
CWE-125
Out-of-bounds Read
Products Affected
opensuse
- opensuse
mariadb
- mariadb
pcre
- pcre
php
- php