CVE-2015-8388

Priority
Description
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and
related patterns with an unmatched closing parenthesis, which allows remote
attackers to cause a denial of service (buffer overflow) or possibly have
unspecified other impact via a crafted regular expression, as demonstrated
by a JavaScript RegExp object encountered by Konqueror.
Notes
tyhicksIssue affects PCRE3 only
Marking 'low' since it requires PCRE to operate on untrusted regular
expressions which is not very likely
Fix for CVE-2015-5073 also fixes this issue
mdeslaurwas supposed to be fixed in wily (2:8.35-7ubuntu2) but got
reverted in (2:8.35-7ubuntu5) by mistake

CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch
in jessie
Package
Source: pcre2 (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Source: pcre3 (LP Ubuntu Debian)
Upstream:released (2:8.35-7)
Ubuntu 14.04 ESM (Trusty Tahr):released (1:8.31-2ubuntu2.1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:8.38-3)
Patches:
Upstream:http://vcs.pcre.org/pcre?view=revision&revision=1571
More Information

Updated: 2020-09-10 04:56:22 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)