CVE-2015-2328 (retired)

Priority
Description
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related
patterns with certain recursion, which allows remote attackers to cause a
denial of service (segmentation fault) or possibly have unspecified other
impact via a crafted regular expression, as demonstrated by a JavaScript
RegExp object encountered by Konqueror.
Notes
sbeattie: since 2.0.0, mongodb packages use system pcre
tyhicks: Issue affects PCRE3 only
Marking 'low' since it requires PCRE to operate on untrusted regular
expressions which is not very likely
mdeslaur: 0001-Fix-compile-time-loop-for-recursive-reference-within.patch
in jessie
Package
Upstream: not-affected (uses system pcre)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was not-affected [uses system pcre])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system pcre)
Package
Source: pcre2
Upstream: not-affected
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Package
Source: pcre3
Upstream: released (2:8.35-8)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2:8.38-3)
Patches:
Upstream: http://vcs.pcre.org/pcre?view=revision&revision=1498

Updated: 2019-10-09 07:52:32 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)