Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-2325

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

Published

2020-01-14T17:15:12.080

Last Modified

2024-11-21T02:27:13.130

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-125
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application pcre pcre < 8.37 Yes
Operating System opensuse opensuse 13.1 Yes
Operating System opensuse opensuse 13.2 Yes
Application mariadb mariadb < 10.0.18 Yes
Application php php < 5.4.41 Yes
Application php php < 5.5.26 Yes
Application php php < 5.6.9 Yes
References