PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-12-02T01:00:00

Updated: 2024-08-06T05:10:16.260Z

Reserved: 2015-03-18T00:00:00

Link: CVE-2015-2328

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-12-02T01:59:01.880

Modified: 2019-12-27T16:08:55.810

Link: CVE-2015-2328

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-08-07T00:00:00Z

Links: CVE-2015-2328 - Bugzilla