CVE-2015-3217
NONE EPSS 92.6%
Published Dec 13, 20169y ago · Modified Jun 17, 20262w ago
Published Dec 13, 2016 9y ago
Last Modified Jun 17, 2026 2w ago
Description
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
Threat Intelligence
EPSS Exploit Probability
92.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
Affected Products 10
References 10
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-1025.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-2750.html
- vcs.pcre.org http://vcs.pcre.org/pcre?view=revision&revision=1566
- www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
- openwall.com http://www.openwall.com/lists/oss-security/2015/06/03/7
- oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- securityfocus.com http://www.securityfocus.com/bid/75018
- access.redhat.com https://access.redhat.com/errata/RHSA-2016:1132
- bugs.exim.org https://bugs.exim.org/show_bug.cgi?id=1638
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1228283
Remediation
- vcs.pcre.org http://vcs.pcre.org/pcre?view=revision&revision=1566