CVE-2015-3217

Published: Dec 13, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

Affected (10)

Products: Pcre: Pcre2, Pcre · Ibm: Powerkvm

2 products

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pcre Pcre2	Version 10.10

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Pcre Pcre	Version 7.8
Pcre Pcre	Version 8.32
Pcre Pcre	Version 8.33
Pcre Pcre	Version 8.34
Pcre Pcre	Version 8.35
Pcre Pcre	Version 8.36
Pcre Pcre	Version 8.37

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Powerkvm	Version 2.1
Ibm Powerkvm	Version 3.1

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (20)

http://rhn.redhat.com/errata/RHSA-2016-1025.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2750.html

Source: secalert@redhat.com

http://vcs.pcre.org/pcre?view=revision&revision=1566

Source: secalert@redhat.com

Patch

http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/06/03/7

Source: secalert@redhat.com

Mailing List

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/75018

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1132

Source: secalert@redhat.com

https://bugs.exim.org/show_bug.cgi?id=1638

Source: secalert@redhat.com

ExploitIssue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1228283

Source: secalert@redhat.com

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2016-1025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-2750.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://vcs.pcre.org/pcre?view=revision&revision=1566

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/06/03/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/75018

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1132

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.exim.org/show_bug.cgi?id=1638

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1228283

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.