CVE-2015-8391

Published: Dec 2, 2015Modified: May 6, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Affected (24)

Products: Pcre: Pcre · Oracle: Linux · Fedoraproject: Fedora · +2 more

Show all products

Pcre: Pcre · Oracle: Linux · Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus, Enterprise Linux Workstation · Php: Php

1 product

1 product

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pcre Pcre	Before 8.38

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 7

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 22

Configuration D

18 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.2
Redhat Enterprise Linux Eus	Version 7.3
Redhat Enterprise Linux Eus	Version 7.4
Redhat Enterprise Linux Eus	Version 7.5
Redhat Enterprise Linux Eus	Version 7.6
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.2
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 7.2
Redhat Enterprise Linux Server Tus	Version 7.3
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 7.0

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Php Php	From 5.5.0 to 5.5.32
Php Php	From 5.6.0 to 5.6.18
Php Php	From 7.0.0 to 7.0.3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (26)

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1025.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2750.html

Source: cve@mitre.org

Third Party Advisory

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

Source: cve@mitre.org

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/11/29/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/82990

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1132

Source: cve@mitre.org

Third Party Advisory

https://bto.bluecoat.com/security-advisory/sa128

Source: cve@mitre.org

Permissions Required

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201607-02

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230216-0002/

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2750.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/11/29/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/82990

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1132

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bto.bluecoat.com/security-advisory/sa128

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201607-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230216-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.