CVE-2015-2327

Priority
Description
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related
patterns with certain internal recursive back references, which allows
remote attackers to cause a denial of service (segmentation fault) or
possibly have unspecified other impact via a crafted regular expression, as
demonstrated by a JavaScript RegExp object encountered by Konqueror.
Notes
sbeattie: mongodb package uses system pcre since 2.0.0
tyhicks: Issue affects PCRE3 only
  Marking 'low' since it requires PCRE to operate on untrusted regular
  expressions which is not very likely
mdeslaur: CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch
  in jessie
Package
Upstream: not-affected (uses system pcre)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was not-affected [uses system pcre])
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (uses system pcre)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system pcre)
Package
Source: pcre2 (LP Ubuntu Debian)
Upstream: not-affected
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Package
Source: pcre3 (LP Ubuntu Debian)
Upstream: released (2:8.35-8)
Ubuntu 12.04 ESM (Precise Pangolin): released (8.12-4ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr): released (1:8.31-2ubuntu2.1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2:8.38-3)
Patches:
Upstream: http://vcs.pcre.org/pcre?view=revision&revision=1495

Updated: 2020-09-10 04:40:11 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)