CVE-2015-2328
Advisory lineage Upstream: 0 Downstream: 7
Modified
Published: 02 Dec 2015, 01:00
Last modified:06 Aug 2024, 05:10
Vulnerability Summary
Overall Risk (default)
medium
41/100 CVSS Score
7.5 HIGH
v2.0 (nvd)
EPSS Score
2.71% LOW
3% probability -2.42%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected
Timeline
02 Dec 2015, 01:00
Published
Vulnerability first disclosed
06 Aug 2024, 05:10
Last Modified
Vulnerability information updated
Description
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVSS Metrics
- v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 2.71%• Percentile: 86%
Techniques & Countermeasures
- CWE-19•Data Processing Errors
Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.
Affected Systems
- oracle•linux
7
- pcre•pcre
≤ 8.35
References (10)
- http://www.openwall.com/lists/oss-security/2015/11/29/1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
- http://rhn.redhat.com/errata/RHSA-2016-1025.html
- http://www.securityfocus.com/bid/74924
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://www.fortiguard.com/advisory/FG-VD-15-014/
- https://jira.mongodb.org/browse/SERVER-17252
- https://bugs.exim.org/show_bug.cgi?id=1515
- http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup