CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
Link Resource
https://bugs.exim.org/show_bug.cgi?id=1592 Exploit Issue Tracking Permissions Required Third Party Advisory
https://fortiguard.com/zeroday/FG-VD-15-016 Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html Mailing List Third Party Advisory
https://www.pcre.org/original/changelog.txt Release Notes Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Information

Published : 2020-01-14 09:15

Updated : 2023-01-19 08:38


NVD link : CVE-2015-2326

Mitre link : CVE-2015-2326


JSON object : View

CWE
CWE-125

Out-of-bounds Read

Advertisement

dedicated server usa

Products Affected

opensuse

  • opensuse

mariadb

  • mariadb

pcre

  • pcre

php

  • php