The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: debian

Published: 2016-03-17T23:00:00

Updated: 2024-08-05T23:47:58.389Z

Reserved: 2016-03-15T00:00:00

Link: CVE-2016-3191

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-03-17T23:59:01.447

Modified: 2018-01-05T02:30:41.430

Link: CVE-2016-3191

cve-icon Redhat

Severity : Important

Publid Date: 2016-02-09T00:00:00Z

Links: CVE-2016-3191 - Bugzilla