CVE-2015-3217

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:pcre:pcre2:10.10:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:pcre:pcre:8.33:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.32:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:7.8:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*

Information

Published : 2016-12-13 08:59

Updated : 2018-05-17 18:29


NVD link : CVE-2015-3217

Mitre link : CVE-2015-3217


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

ibm

  • powerkvm

pcre

  • pcre
  • pcre2