CVE-2016-3191

Published: Mar 17, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

Affected (19)

Products: Pcre: Pcre, Pcre2

2 products

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Pcre Pcre	Version 8.00
Pcre Pcre	Version 8.01
Pcre Pcre	Version 8.02
Pcre Pcre	Version 8.10
Pcre Pcre	Version 8.11
Pcre Pcre	Version 8.12
Pcre Pcre	Version 8.13
Pcre Pcre	Version 8.20
Pcre Pcre	Version 8.21
Pcre Pcre	Version 8.30
Pcre Pcre	Version 8.31
Pcre Pcre	Version 8.32
Pcre Pcre	Version 8.33
Pcre Pcre	Version 8.34
Pcre Pcre	Version 8.35
Pcre Pcre	Version 8.36
Pcre Pcre	Version 8.37
Pcre Pcre	Version 8.38
Pcre Pcre2	Up to 10.21

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (26)

http://rhn.redhat.com/errata/RHSA-2016-1025.html

Source: security@debian.org

http://vcs.pcre.org/pcre2?view=revision&revision=489

Source: security@debian.org

http://vcs.pcre.org/pcre?view=revision&revision=1631

Source: security@debian.org

http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886

Source: security@debian.org

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: security@debian.org

http://www.securityfocus.com/bid/84810

Source: security@debian.org

https://access.redhat.com/errata/RHSA-2016:1132

Source: security@debian.org

https://bto.bluecoat.com/security-advisory/sa128

Source: security@debian.org

https://bugs.debian.org/815920

Source: security@debian.org

https://bugs.debian.org/815921

Source: security@debian.org

https://bugs.exim.org/show_bug.cgi?id=1791

Source: security@debian.org

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=1311503

Source: security@debian.org

https://www.tenable.com/security/tns-2016-18

Source: security@debian.org

http://rhn.redhat.com/errata/RHSA-2016-1025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://vcs.pcre.org/pcre2?view=revision&revision=489

Source: af854a3a-2127-422b-91ae-364da2661108

http://vcs.pcre.org/pcre?view=revision&revision=1631

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/84810

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2016:1132

Source: af854a3a-2127-422b-91ae-364da2661108

https://bto.bluecoat.com/security-advisory/sa128

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.debian.org/815920

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.debian.org/815921

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.exim.org/show_bug.cgi?id=1791

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=1311503

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.tenable.com/security/tns-2016-18

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.