CVE-2015-8382 : The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd)

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.

Published 2015-12-02 01:59:06

Updated 2016-12-28 02:59:23

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2015-8382

Pcre » Perl Compatible Regular Expression Library » Version: 8.36
cpe:2.3:a:pcre:perl_compatible_regular_expression_library:8.36:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-8382

EPSS FAQ

5.44%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-8382

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2015-8382

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-8382

https://bugzilla.redhat.com/show_bug.cgi?id=1187225

1187225 – (CVE-2015-8382) CVE-2015-8382 php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)
https://bugs.exim.org/show_bug.cgi?id=1537

Bug 1537 – pcre_exec does not fill offsets for certain regexps
Exploit
http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510

ViewVC Exception
http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

ViewVC Exception
Exploit

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2015/08/04/3

oss-security - Re: CVE Request: Information disclosure in pcre
http://www.securityfocus.com/bid/76157

PHP PCRE Extension 'trunk/pcre_exec.c' Information Disclosure Vulnerability
https://bto.bluecoat.com/security-advisory/sa128

SA128 : Multiple PCRE Vulnerabilities

CVEs referencing this url
http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834

208.43.231.11 Git - php-src.git/commit
http://www.openwall.com/lists/oss-security/2015/11/29/1

oss-security - Re: Heap Overflow in PCRE

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-8382

Products affected by CVE-2015-8382

Exploit prediction scoring system (EPSS) score for CVE-2015-8382

CVSS scores for CVE-2015-8382

CWE ids for CVE-2015-8382

References for CVE-2015-8382