CVE-2015-8390

Published: Dec 2, 2015Modified: May 6, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Affected (5)

Products: Pcre: Perl Compatible Regular Expression Library · Fedoraproject: Fedora · Php: Php

1 product

Perl Compatible Regular Expression Library

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pcre Perl Compatible Regular Expression Library	Up to 8.37

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 22

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Php Php	From 5.5.0 to 5.5.32
Php Php	From 5.6.0 to 5.6.18
Php Php	From 7.0.0 to 7.0.3

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (16)

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html

Source: cve@mitre.org

Third Party Advisory

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2015/11/29/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/82990

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bto.bluecoat.com/security-advisory/sa128

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201607-02

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230216-0002/

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2015/11/29/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/82990

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bto.bluecoat.com/security-advisory/sa128

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201607-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230216-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.