CVE-2015-2327 (retired)

Priority
Description
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related
patterns with certain internal recursive back references, which allows
remote attackers to cause a denial of service (segmentation fault) or
possibly have unspecified other impact via a crafted regular expression, as
demonstrated by a JavaScript RegExp object encountered by Konqueror.
Notes
sbeattie: mongodb package uses system pcre since 2.0.0
tyhicks: Issue affects PCRE3 only
Marking 'low' since it requires PCRE to operate on untrusted regular
expressions which is not very likely
mdeslaur: CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch
in jessie
Package
Upstream: not-affected (uses system pcre)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was not-affected [uses system pcre])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system pcre)
Package
Source: pcre2
Upstream: not-affected
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Package
Source: pcre3
Upstream: released (2:8.35-8)
Ubuntu 12.04 ESM (Precise Pangolin): released (8.12-4ubuntu0.2)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2:8.38-3)
Patches:
Upstream: http://vcs.pcre.org/pcre?view=revision&revision=1495

Updated: 2019-10-09 07:52:31 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)