CVE-2015-8380 - OpenCVE

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Pcre	Perl Compatible Regular Expression Library

Configuration 1 [-]

cpe:2.3:a:pcre:perl_compatible_regular_expression_library:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html
http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
http://www.openwall.com/lists/oss-security/2015/11/29/1
http://www.securityfocus.com/bid/77695
https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html
https://bto.bluecoat.com/security-advisory/sa128
https://bugs.exim.org/show_bug.cgi?id=1637
https://nvd.nist.gov/vuln/detail/CVE-2015-8380
https://security.gentoo.org/glsa/201607-02
https://www.cve.org/CVERecord?id=CVE-2015-8380

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-12-02T01:00:00

Updated: 2024-08-06T08:13:32.587Z

Reserved: 2015-12-01T00:00:00

Link: CVE-2015-8380

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-12-02T01:59:03.347

Modified: 2017-07-01T01:29:25.327

Link: CVE-2015-8380

Redhat

Severity :

Publid Date: 2015-06-01T00:00:00Z

Links: CVE-2015-8380 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-23T00:00:00", "descriptions": [{"lang": "en", "value": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20151128 Re: Heap Overflow in PCRE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.exim.org/show_bug.cgi?id=1637"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html"}, {"name": "FEDORA-2015-afafa29551", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html"}, {"name": "77695", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77695"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa128"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"}, {"name": "GLSA-201607-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201607-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8380", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20151128 Re: Heap Overflow in PCRE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"}, {"name": "https://bugs.exim.org/show_bug.cgi?id=1637", "refsource": "CONFIRM", "url": "https://bugs.exim.org/show_bug.cgi?id=1637"}, {"name": "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html", "refsource": "MISC", "url": "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html"}, {"name": "FEDORA-2015-afafa29551", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html"}, {"name": "77695", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77695"}, {"name": "https://bto.bluecoat.com/security-advisory/sa128", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa128"}, {"name": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", "refsource": "CONFIRM", "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"}, {"name": "GLSA-201607-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:13:32.587Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20151128 Re: Heap Overflow in PCRE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.exim.org/show_bug.cgi?id=1637"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html"}, {"name": "FEDORA-2015-afafa29551", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html"}, {"name": "77695", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77695"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa128"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"}, {"name": "GLSA-201607-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201607-02"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8380", "datePublished": "2015-12-02T01:00:00", "dateReserved": "2015-12-01T00:00:00", "dateUpdated": "2024-08-06T08:13:32.587Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pcre:perl_compatible_regular_expression_library:*:*:*:*:*:*:*:*", "matchCriteriaId": "22A2867E-F109-44E6-8E01-A7010D5B6FDA", "versionEndIncluding": "8.37", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."}, {"lang": "es", "value": "La funci\u00f3n pcre_exec en pcre_exec.c en PCRE en versiones anteriores a 8.38 no maneja correctamente un patr\u00f3n // con una cadena \\01, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en memoria din\u00e1mica) o posiblemente tener otro impacto no especificado a trav\u00e9s de una expresi\u00f3n regular manipulada, seg\u00fan lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror."}], "id": "CVE-2015-8380", "lastModified": "2017-07-01T01:29:25.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-12-02T01:59:03.347", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/77695"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://bto.bluecoat.com/security-advisory/sa128"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugs.exim.org/show_bug.cgi?id=1637"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201607-02"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)", "id": "1285413", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285413"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."], "name": "CVE-2015-8380", "package_state": [{"cpe": "cpe:/a:redhat:directory_server:8", "fix_state": "Not affected", "package_name": "pcre", "product_name": "Red Hat Directory Server 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "pcre", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "pcre", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "pcre", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "virtuoso-opensource", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Will not fix", "package_name": "pcre", "product_name": "Red Hat JBoss Enterprise Web Server 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "php54-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "php55-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-mariadb100-mariadb", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-mariadb101-mariadb", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-php56-php", "product_name": "Red Hat Software Collections"}], "public_date": "2015-06-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8380\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8380"], "upstream_fix": "pcre 8.38"}