The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: debian
Published: 2016-03-17T23:00:00
Updated: 2024-08-05T23:47:58.389Z
Reserved: 2016-03-15T00:00:00
Link: CVE-2016-3191
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-03-17T23:59:01.447
Modified: 2018-01-05T02:30:41.430
Link: CVE-2016-3191
Redhat