CVE-2015-5073

NONE EPSS 93.8%
Published Dec 13, 20169y ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 13, 2016 9y ago
Last Modified Jun 17, 2026 2w ago

Description

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

Threat Intelligence

EPSS Exploit Probability
93.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 3

VendorProductVersionRange
ibmpowerkvm2.1any
ibmpowerkvm3.1any
pcrepcre* ≤8.37

References 13

  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-1025.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-2750.html
  • vcs.pcre.org http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup
    Vendor Advisory
  • vcs.pcre.org http://vcs.pcre.org/pcre?view=revision&revision=1571
    ExploitVendor Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2015/06/26/1
    Mailing List
  • openwall.com http://www.openwall.com/lists/oss-security/2015/06/26/3
    Mailing List
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
  • securityfocus.com http://www.securityfocus.com/bid/75430
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033154
    Third Party AdvisoryVDB Entry
  • access.redhat.com https://access.redhat.com/errata/RHSA-2016:1132
  • bugs.exim.org https://bugs.exim.org/show_bug.cgi?id=1651
    Exploit
  • security.gentoo.org https://security.gentoo.org/glsa/201607-02

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.