CVE-2016-3191

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pcre:pcre:8.38:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.31:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.30:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.01:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.00:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.13:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.12:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.33:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.32:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.10:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.21:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.20:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.11:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:8.02:*:*:*:*:*:*:*

Information

Published : 2016-03-17 16:59

Updated : 2018-01-04 18:30


NVD link : CVE-2016-3191

Mitre link : CVE-2016-3191


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

pcre

  • pcre
  • pcre2