« List of all CVEs

CVE-2015-2326

Published: 1/14/2020 Last updated: 8/6/2024 Reserved: 3/18/2015

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (8)

conf-libpcre conf-libpcre2-8 conf-mariadb conf-mingw-w64-pcre2-i686 conf-mingw-w64-pcre2-x86_64 conf-mingw-w64-pcre-i686 conf-mingw-w64-pcre-x86_64 conf-mysql

Products affected (1)

Product Vendor Version
n/a n/a <= 2.1.6

References (8)