CVE-2015-5073
NONE EPSS 93.8%
Published Dec 13, 20169y ago · Modified Jun 17, 20262w ago
Published Dec 13, 2016 9y ago
Last Modified Jun 17, 2026 2w ago
Description
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
Threat Intelligence
EPSS Exploit Probability
93.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 2
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 3
References 13
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-1025.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-2750.html
- vcs.pcre.org http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup
- vcs.pcre.org http://vcs.pcre.org/pcre?view=revision&revision=1571
- www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
- openwall.com http://www.openwall.com/lists/oss-security/2015/06/26/1
- openwall.com http://www.openwall.com/lists/oss-security/2015/06/26/3
- oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- securityfocus.com http://www.securityfocus.com/bid/75430
- securitytracker.com http://www.securitytracker.com/id/1033154
- access.redhat.com https://access.redhat.com/errata/RHSA-2016:1132
- bugs.exim.org https://bugs.exim.org/show_bug.cgi?id=1651
- security.gentoo.org https://security.gentoo.org/glsa/201607-02
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.