CVE-2015-8389 (retired)

Priority
Description
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related
patterns, which allows remote attackers to cause a denial of service
(infinite recursion) or possibly have unspecified other impact via a
crafted regular expression, as demonstrated by a JavaScript RegExp object
encountered by Konqueror.
Notes
tyhicksIssue affects PCRE3 only
Marking 'low' since it requires PCRE to operate on untrusted regular
expressions which is not very likely
mdeslaurintroduced in 8.35

0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch
in jessie
Package
Source: pcre2 (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Source: pcre3 (LP Ubuntu Debian)
Upstream:released (8.38)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:8.38-3)
Patches:
Upstream:http://vcs.pcre.org/pcre?view=revision&revision=1577
More Information

Updated: 2019-10-09 07:54:11 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)