Vulnerability-Lookup

CVE-2015-2325 (GCVE-0-2015-2325)

Vulnerability from cvelistv5 – Published: 2020-01-14 16:46 – Updated: 2024-08-06 05:10

Summary

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2015-0…	x_refsource_MISC
	https://bugs.exim.org/show_bug.cgi?id=1591	x_refsource_MISC
	https://www.pcre.org/original/changelog.txt	x_refsource_CONFIRM
	https://fortiguard.com/zeroday/FG-VD-15-015	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:10:15.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.exim.org/show_bug.cgi?id=1591"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.pcre.org/original/changelog.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/zeroday/FG-VD-15-015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T16:46:55.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.exim.org/show_bug.cgi?id=1591"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.pcre.org/original/changelog.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fortiguard.com/zeroday/FG-VD-15-015"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2325",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
            },
            {
              "name": "https://bugs.exim.org/show_bug.cgi?id=1591",
              "refsource": "MISC",
              "url": "https://bugs.exim.org/show_bug.cgi?id=1591"
            },
            {
              "name": "https://www.pcre.org/original/changelog.txt",
              "refsource": "CONFIRM",
              "url": "https://www.pcre.org/original/changelog.txt"
            },
            {
              "name": "https://fortiguard.com/zeroday/FG-VD-15-015",
              "refsource": "MISC",
              "url": "https://fortiguard.com/zeroday/FG-VD-15-015"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2325",
    "datePublished": "2020-01-14T16:46:55.000Z",
    "dateReserved": "2015-03-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:10:15.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CNVD-2015-03942

Vulnerability from cnvd - Published: 2015-06-25

Title

PCRE 'compile_branch()'函数堆缓冲区溢出漏洞

Description

PCRE（Perl Compatible Regular Expressions）是软件开发者Philip Hazel所研发的一个使用C语言编写的开源正则表达式函数库。 PCRE在compile_branch()存在堆缓冲区溢出漏洞。允许攻击者利用此漏洞在应用上下文中执行任意代码。

Severity

高

Patch Name

PCRE 'compile_branch()'函数堆缓冲区溢出漏洞的补丁

Patch Description

PCRE（Perl Compatible Regular Expressions）是软件开发者Philip Hazel所研发的一个使用C语言编写的开源正则表达式函数库。 PCRE在compile_branch()存在堆缓冲区溢出漏洞。允许攻击者利用此漏洞在应用上下文中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.pcre.org/

Reference

http://www.securityfocus.com/bid/75175

Impacted products

Name
PCRE PCRE

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75175"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2325"
    }
  },
  "description": "PCRE\uff08Perl Compatible Regular Expressions\uff09\u662f\u8f6f\u4ef6\u5f00\u53d1\u8005Philip Hazel\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u5f00\u6e90\u6b63\u5219\u8868\u8fbe\u5f0f\u51fd\u6570\u5e93\u3002\r\n\r\nPCRE\u5728compile_branch()\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u5e94\u7528\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Kai Lu of Fortinet\u0027s FortiGuard Labs",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.pcre.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03942",
  "openTime": "2015-06-25",
  "patchDescription": "PCRE\uff08Perl Compatible Regular Expressions\uff09\u662f\u8f6f\u4ef6\u5f00\u53d1\u8005Philip Hazel\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u5f00\u6e90\u6b63\u5219\u8868\u8fbe\u5f0f\u51fd\u6570\u5e93\u3002\r\n\r\nPCRE\u5728compile_branch()\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u5e94\u7528\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PCRE \u0027compile_branch()\u0027\u51fd\u6570\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "PCRE PCRE"
  },
  "referenceLink": "http://www.securityfocus.com/bid/75175",
  "serverity": "\u9ad8",
  "submitTime": "2015-06-24",
  "title": "PCRE \u0027compile_branch()\u0027\u51fd\u6570\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-MWR9-2R49-JWHG

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-07-19 00:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-14T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",
  "id": "GHSA-mwr9-2r49-jwhg",
  "modified": "2022-07-19T00:00:26Z",
  "published": "2022-05-24T17:06:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2325"
    },
    {
      "type": "WEB",
      "url": "https://bugs.exim.org/show_bug.cgi?id=1591"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/zeroday/FG-VD-15-015"
    },
    {
      "type": "WEB",
      "url": "https://www.pcre.org/original/changelog.txt"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2015-AVI-265

Vulnerability from certfr_avis - Published: 2015-06-24 - Updated: 2015-06-24

De multiples vulnérabilités ont été corrigées dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
PHP	PHP	PHP versions antérieures à 5.4.42
PHP	PHP	PHP versions antérieures à 5.6.10
PHP	PHP	PHP versions antérieures à 5.5.26

References

Title

Publication Time

Tags

Bulletin de sécurité PHP du 11 juin 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP versions ant\u00e9rieures \u00e0 5.4.42",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP versions ant\u00e9rieures \u00e0 5.6.10",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP versions ant\u00e9rieures \u00e0 5.5.26",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
    },
    {
      "name": "CVE-2015-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2325"
    },
    {
      "name": "CVE-2015-3415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
    },
    {
      "name": "CVE-2015-2326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2326"
    },
    {
      "name": "CVE-2015-3414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
    },
    {
      "name": "CVE-2015-4643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4643"
    },
    {
      "name": "CVE-2015-4642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4642"
    },
    {
      "name": "CVE-2015-4644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4644"
    }
  ],
  "initial_release_date": "2015-06-24T00:00:00",
  "last_revision_date": "2015-06-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-265",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-06-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHP\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PHP du 11 juin 2015",
      "url": "http://www.php.net/ChangeLog-5.php#5.6.10"
    }
  ]
}

CERTFR-2025-AVI-0154

Vulnerability from certfr_avis - Published: 2025-02-21 - Updated: 2025-02-21

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP11 IF01
IBM	Controller	Controller versions 11.1.0.x antérieures à 11.1.0.1
IBM	MaaS360	MaaS360 Base, Configuration Utility versions antérieures à 3.001.100
IBM	MaaS360	MaaS360 Mobile Enterprise Gateway versions antérieures à 3.001.100
IBM	Cognos Controller	Cognos Controller versions 11.x antérieures à 11.0.1 FP4

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7183597	2025-02-18	vendor-advisory
Bulletin de sécurité IBM 7183584	2025-02-18	vendor-advisory
Bulletin de sécurité IBM 7183612	2025-02-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP11 IF01",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Controller versions 11.1.0.x ant\u00e9rieures \u00e0 11.1.0.1",
      "product": {
        "name": "Controller",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "MaaS360 Base, Configuration Utility versions ant\u00e9rieures \u00e0 3.001.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 3.001.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Controller versions 11.x ant\u00e9rieures \u00e0 11.0.1 FP4",
      "product": {
        "name": "Cognos Controller",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2023-39017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
    },
    {
      "name": "CVE-2024-45084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45084"
    },
    {
      "name": "CVE-2024-45081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45081"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2021-36373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
    },
    {
      "name": "CVE-2015-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2325"
    },
    {
      "name": "CVE-2024-28780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28780"
    },
    {
      "name": "CVE-2024-56326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
    },
    {
      "name": "CVE-2024-8508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
    },
    {
      "name": "CVE-2024-10917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
    },
    {
      "name": "CVE-2021-36374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36374"
    },
    {
      "name": "CVE-2024-12085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
    },
    {
      "name": "CVE-2024-52902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52902"
    },
    {
      "name": "CVE-2024-1488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
    },
    {
      "name": "CVE-2024-56337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
    },
    {
      "name": "CVE-2023-47160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47160"
    },
    {
      "name": "CVE-2024-28776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28776"
    },
    {
      "name": "CVE-2024-21907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21907"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2024-38999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
    },
    {
      "name": "CVE-2024-9823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
    },
    {
      "name": "CVE-2024-40642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40642"
    },
    {
      "name": "CVE-2024-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
    },
    {
      "name": "CVE-2022-4245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4245"
    },
    {
      "name": "CVE-2022-4244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4244"
    },
    {
      "name": "CVE-2023-50314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
    },
    {
      "name": "CVE-2024-52337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
    },
    {
      "name": "CVE-2024-50379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2020-11979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-27267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
    },
    {
      "name": "CVE-2018-12699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
    },
    {
      "name": "CVE-2024-28777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28777"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    }
  ],
  "initial_release_date": "2025-02-21T00:00:00",
  "last_revision_date": "2025-02-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0154",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7183597",
      "url": "https://www.ibm.com/support/pages/node/7183597"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7183584",
      "url": "https://www.ibm.com/support/pages/node/7183584"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7183612",
      "url": "https://www.ibm.com/support/pages/node/7183612"
    }
  ]
}

GSD-2015-2325

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-2325

Aliases

CVE-2015-2325

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2325",
    "description": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",
    "id": "GSD-2015-2325",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-2325.html",
      "https://access.redhat.com/errata/RHSA-2016:2750",
      "https://ubuntu.com/security/CVE-2015-2325",
      "https://alas.aws.amazon.com/cve/html/CVE-2015-2325.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2325"
      ],
      "details": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",
      "id": "GSD-2015-2325",
      "modified": "2023-12-13T01:20:00.865024Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-2325",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
          },
          {
            "name": "https://bugs.exim.org/show_bug.cgi?id=1591",
            "refsource": "MISC",
            "url": "https://bugs.exim.org/show_bug.cgi?id=1591"
          },
          {
            "name": "https://www.pcre.org/original/changelog.txt",
            "refsource": "CONFIRM",
            "url": "https://www.pcre.org/original/changelog.txt"
          },
          {
            "name": "https://fortiguard.com/zeroday/FG-VD-15-015",
            "refsource": "MISC",
            "url": "https://fortiguard.com/zeroday/FG-VD-15-015"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.37",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.18",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.26",
                "versionStartIncluding": "5.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.41",
                "versionStartIncluding": "5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.9",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2325"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                },
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.exim.org/show_bug.cgi?id=1591",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=1591"
            },
            {
              "name": "https://fortiguard.com/zeroday/FG-VD-15-015",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://fortiguard.com/zeroday/FG-VD-15-015"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
            },
            {
              "name": "https://www.pcre.org/original/changelog.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.pcre.org/original/changelog.txt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-08-05T14:29Z",
      "publishedDate": "2020-01-14T17:15Z"
    }
  }
}

FKIE_CVE-2015-2325

Vulnerability from fkie_nvd - Published: 2020-01-14 17:15 - Updated: 2024-11-21 02:27

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html	Mailing List, Third Party Advisory
cve@mitre.org	https://bugs.exim.org/show_bug.cgi?id=1591	Exploit, Issue Tracking, Permissions Required, Third Party Advisory
cve@mitre.org	https://fortiguard.com/zeroday/FG-VD-15-015	Third Party Advisory
cve@mitre.org	https://www.pcre.org/original/changelog.txt	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.exim.org/show_bug.cgi?id=1591	Exploit, Issue Tracking, Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/zeroday/FG-VD-15-015	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.pcre.org/original/changelog.txt	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
pcre	pcre	*
opensuse	opensuse	13.1
opensuse	opensuse	13.2
mariadb	mariadb	*
php	php	*
php	php	*
php	php	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "380663D5-622F-49F1-8BA2-5BC5D64EA947",
              "versionEndExcluding": "8.37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F2E36C-4FF9-4695-96F8-63B2F755A8B2",
              "versionEndExcluding": "10.0.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94FE4BDA-52E7-4E77-88E7-82058ECEF840",
              "versionEndExcluding": "5.4.41",
              "versionStartIncluding": "5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3573200F-9588-413E-90CB-E35C5A510D2C",
              "versionEndExcluding": "5.5.26",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBA8BEC-B2AF-43B2-BF75-0F6AEC5595BF",
              "versionEndExcluding": "5.6.9",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n compile_branch en PCRE versiones anteriores a 8.37, permite a atacantes dependiendo del contexto compilar c\u00f3digo incorrecto, causar una denegaci\u00f3n de servicio (lectura de la pila fuera de l\u00edmites y bloqueo) o posiblemente tener otro impacto no especificado por medio de una expresi\u00f3n regular con un grupo que contiene una referencia directa repetida una gran n\u00famero de veces dentro de un grupo externo repetido que posee un cuantificador m\u00ednimo cero."
    }
  ],
  "id": "CVE-2015-2325",
  "lastModified": "2024-11-21T02:27:13.130",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-14T17:15:12.080",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bugs.exim.org/show_bug.cgi?id=1591"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://fortiguard.com/zeroday/FG-VD-15-015"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.pcre.org/original/changelog.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bugs.exim.org/show_bug.cgi?id=1591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://fortiguard.com/zeroday/FG-VD-15-015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.pcre.org/original/changelog.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2325 (GCVE-0-2015-2325)

CNVD-2015-03942

GHSA-MWR9-2R49-JWHG

CERTFR-2015-AVI-265

Solution

CERTFR-2025-AVI-0154

Solutions

GSD-2015-2325

FKIE_CVE-2015-2325

Tags

Sightings

Nomenclature