Home

CVE-2015-8394

Description

PCRE before 8.38 mishandles the (() and ((R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
3.591

Associated Vulnerability

VulnerabilityOS Platform
pcre Security Update (ALAS-2023-2082) pcre-8.32-17.amzn2.0.3.i686.rpmLinux
pcre Security Update (ALAS-2023-2082) pcre-8.32-17.amzn2.0.3.x86_64.rpmLinux
pcre Security Update (ALAS-2023-2082) pcre-devel-8.32-17.amzn2.0.3.x86_64.rpmLinux
pcre Security Update (ALAS-2023-2082) pcre-tools-8.32-17.amzn2.0.3.x86_64.rpmLinux
pcre Security Update (ALAS-2023-2082) pcre-static-8.32-17.amzn2.0.3.x86_64.rpmLinux
pcre Security Update (ALAS2-2023-2082) pcre-8.32-17.amzn2.0.3.x86_64.rpmLinux
pcre Security Update (ALAS2-2023-2082) pcre-8.32-17.amzn2.0.3.i686.rpmLinux
pcre Security Update (ALAS2-2023-2082) pcre-devel-8.32-17.amzn2.0.3.x86_64.rpmLinux
pcre Security Update (ALAS2-2023-2082) pcre-static-8.32-17.amzn2.0.3.x86_64.rpmLinux
pcre Security Update (ALAS2-2023-2082) pcre-tools-8.32-17.amzn2.0.3.x86_64.rpmLinux
Integer Overflow or Wraparound Vulnerability (CVE-2015-8394)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234