CVE-2015-2325

Published: 1/14/2020 Last updated: 8/6/2024 Reserved: 3/18/2015

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (8)

conf-libpcre conf-libpcre2-8 conf-mariadb conf-mingw-w64-pcre2-i686 conf-mingw-w64-pcre2-x86_64 conf-mingw-w64-pcre-i686 conf-mingw-w64-pcre-x86_64 conf-mysql

Products affected (1)

Product	Vendor	Version
n/a	n/a	7.1.1

References (8)

http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
https://bugs.exim.org/show_bug.cgi?id=1591
https://www.pcre.org/original/changelog.txt
https://fortiguard.com/zeroday/FG-VD-15-015
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
https://bugs.exim.org/show_bug.cgi?id=1591
https://www.pcre.org/original/changelog.txt
https://fortiguard.com/zeroday/FG-VD-15-015