CVE-2015-8394

Published: Dec 2, 2015Modified: May 6, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Affected (4)

Products: Pcre: Perl Compatible Regular Expression Library · Php: Php

1 product

Perl Compatible Regular Expression Library

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pcre Perl Compatible Regular Expression Library	Up to 8.37

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Php Php	From 5.5.0 to 5.5.32
Php Php	From 5.6.0 to 5.6.18
Php Php	From 7.0.0 to 7.0.3

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (16)

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

Source: cve@mitre.org

Broken Link

http://www.openwall.com/lists/oss-security/2015/11/29/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/82990

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bto.bluecoat.com/security-advisory/sa128

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201607-02

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230216-0002/

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.openwall.com/lists/oss-security/2015/11/29/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/82990

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bto.bluecoat.com/security-advisory/sa128

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201607-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230216-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.