CVE-2015-8383 (retired)

Priority
Description
PCRE before 8.38 mishandles certain repeated conditional groups, which
allows remote attackers to cause a denial of service (buffer overflow) or
possibly have unspecified other impact via a crafted regular expression, as
demonstrated by a JavaScript RegExp object encountered by Konqueror.
Notes
tyhicksIssue affects PCRE3 only
Marking 'low' since it requires PCRE to operate on untrusted regular
expressions which is not very likely
Per Debian, vulnerable code introduced in 8.34
mdeslaur0001-Fix-buffer-overflow-for-repeated-conditional-when-re.patch
in jessie
Package
Source: pcre2 (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Source: pcre3 (LP Ubuntu Debian)
Upstream:released (8.38)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:8.38-3)
Patches:
Upstream:http://vcs.pcre.org/pcre?view=revision&revision=1557
More Information

Updated: 2019-10-09 07:54:11 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)