The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-14T16:46:57
Updated: 2024-08-06T05:10:16.144Z
Reserved: 2015-03-18T00:00:00
Link: CVE-2015-2326
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-01-14T17:15:12.177
Modified: 2023-01-19T16:38:17.207
Link: CVE-2015-2326
Redhat