CVE-2015-8381
Published: 1 December 2015
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Notes
| Author | Note |
|---|---|
| tyhicks | Marking 'low' since it requires PCRE to operate on untrusted regular expressions which is not very likely |
| mdeslaur | introduced in 8.34 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch in jessie |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
pcre2 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Released
(10.20-3)
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Not vulnerable
(10.20-3)
|
|
| yakkety |
Not vulnerable
(10.20-3)
|
|
| zesty |
Not vulnerable
(10.20-3)
|
|
|
pcre3 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
| trusty |
Not vulnerable
(reproducer doesn't work)
|
|
| upstream |
Released
(8.38)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Released
(2:8.35-7.1ubuntu1.3)
|
|
| xenial |
Not vulnerable
(2:8.38-3)
|
|
| yakkety |
Not vulnerable
(2:8.38-3)
|
|
| zesty |
Not vulnerable
(2:8.38-3)
|
|
|
Patches: upstream: http://vcs.pcre.org/pcre?view=revision&revision=1594 |
||
References
- http://www.openwall.com/lists/oss-security/2015/08/24/1
- http://www.openwall.com/lists/oss-security/2015/08/05/3
- http://www.openwall.com/lists/oss-security/2015/11/29/1
- http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
- https://ubuntu.com/security/notices/USN-2943-1
- https://www.cve.org/CVERecord?id=CVE-2015-8381
- NVD
- Launchpad
- Debian