[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-2328Date: (C)2015-12-15   (M)2024-04-16


PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-74924
RHSA-2016:1025
RHSA-2016:2750
http://www.openwall.com/lists/oss-security/2015/11/29/1
http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
http://www.fortiguard.com/advisory/FG-VD-15-014/
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://bugs.exim.org/show_bug.cgi?id=1515
https://jira.mongodb.org/browse/SERVER-17252

CPE    2
cpe:/o:oracle:linux:7
cpe:/a:pcre:pcre
CWE    1
CWE-19
OVAL    8
oval:org.secpod.oval:def:89045326
oval:org.secpod.oval:def:89045149
oval:org.secpod.oval:def:52747
oval:org.secpod.oval:def:1501467
...

© SecPod Technologies