CVE-2015-8381
Published: 1 December 2015
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Notes
Author | Note |
---|---|
tyhicks | Marking 'low' since it requires PCRE to operate on untrusted regular expressions which is not very likely |
mdeslaur | introduced in 8.34 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch in jessie |
Priority
Status
Package | Release | Status |
---|---|---|
pcre2 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(10.20-3)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Not vulnerable
(10.20-3)
|
|
yakkety |
Not vulnerable
(10.20-3)
|
|
zesty |
Not vulnerable
(10.20-3)
|
|
pcre3 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Not vulnerable
(reproducer doesn't work)
|
|
upstream |
Released
(8.38)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Released
(2:8.35-7.1ubuntu1.3)
|
|
xenial |
Not vulnerable
(2:8.38-3)
|
|
yakkety |
Not vulnerable
(2:8.38-3)
|
|
zesty |
Not vulnerable
(2:8.38-3)
|
|
Patches: upstream: http://vcs.pcre.org/pcre?view=revision&revision=1594 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8381
- http://www.openwall.com/lists/oss-security/2015/08/24/1
- http://www.openwall.com/lists/oss-security/2015/08/05/3
- http://www.openwall.com/lists/oss-security/2015/11/29/1
- http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
- https://ubuntu.com/security/notices/USN-2943-1
- NVD
- Launchpad
- Debian