Vulnerability-Lookup

CVE-2015-8389 (GCVE-0-2015-8389)

Vulnerability from cvelistv5 – Published: 2015-12-02 00:00 – Updated: 2024-08-06 08:13

Summary

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2015/11/29/1	mailing-list
	http://www.securityfocus.com/bid/82990	vdb-entry
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…
	https://bto.bluecoat.com/security-advisory/sa128
	http://vcs.pcre.org/pcre/code/trunk/ChangeLog?vie…
	https://security.gentoo.org/glsa/201607-02	vendor-advisory
	https://security.netapp.com/advisory/ntap-2023021…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:32.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
          },
          {
            "name": "82990",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/82990"
          },
          {
            "name": "FEDORA-2015-eb896290d3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa128"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
          },
          {
            "name": "GLSA-201607-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-16T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
        },
        {
          "name": "82990",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/82990"
        },
        {
          "name": "FEDORA-2015-eb896290d3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa128"
        },
        {
          "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
        },
        {
          "name": "GLSA-201607-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201607-02"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8389",
    "datePublished": "2015-12-02T00:00:00.000Z",
    "dateReserved": "2015-12-01T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:13:32.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-293

Vulnerability from certfr_avis - Published: 2018-06-15 - Updated: 2018-06-15

De multiples vulnérabilités ont été découvertes dans Tenable Nessus Agent. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus Agent	Nessus Agent versions 7.0.3 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable TNS-2018-09 du 14 juin 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus Agent versions 7.0.3 et ant\u00e9rieures",
      "product": {
        "name": "Nessus Agent",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2017-9233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
    },
    {
      "name": "CVE-2015-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
    },
    {
      "name": "CVE-2015-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2016-3191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
    },
    {
      "name": "CVE-2017-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
    },
    {
      "name": "CVE-2015-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
    },
    {
      "name": "CVE-2017-7245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
    },
    {
      "name": "CVE-2016-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2014-9769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
    },
    {
      "name": "CVE-2015-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
    },
    {
      "name": "CVE-2017-1000061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
    },
    {
      "name": "CVE-2017-9048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
    },
    {
      "name": "CVE-2015-8392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
    },
    {
      "name": "CVE-2017-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2016-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
    },
    {
      "name": "CVE-2017-9050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2015-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
    },
    {
      "name": "CVE-2016-9840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2017-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
    },
    {
      "name": "CVE-2016-9063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
    },
    {
      "name": "CVE-2017-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2018-0733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0733"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2012-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2014-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
    },
    {
      "name": "CVE-2017-7246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
    },
    {
      "name": "CVE-2015-8380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2018-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2015-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2017-9049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2017-8872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2015-8389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
    },
    {
      "name": "CVE-2017-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
    }
  ],
  "initial_release_date": "2018-06-15T00:00:00",
  "last_revision_date": "2018-06-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-293",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nAgent. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Agent",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-09 du 14 juin 2018",
      "url": "https://www.tenable.com/security/tns-2018-09"
    }
  ]
}

CERTFR-2018-AVI-288

Vulnerability from certfr_avis - Published: 2018-06-14 - Updated: 2018-06-14

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus	Nessus toutes versions antérieures à 7.1.1

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable TNS-2018-08 du 13 juin 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus toutes versions ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2017-9233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
    },
    {
      "name": "CVE-2015-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
    },
    {
      "name": "CVE-2015-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2016-3191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
    },
    {
      "name": "CVE-2017-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
    },
    {
      "name": "CVE-2015-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
    },
    {
      "name": "CVE-2017-7245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
    },
    {
      "name": "CVE-2016-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2014-9769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
    },
    {
      "name": "CVE-2015-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
    },
    {
      "name": "CVE-2017-1000061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
    },
    {
      "name": "CVE-2017-9048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
    },
    {
      "name": "CVE-2015-8392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
    },
    {
      "name": "CVE-2017-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2016-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
    },
    {
      "name": "CVE-2017-9050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2015-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
    },
    {
      "name": "CVE-2016-9840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2017-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
    },
    {
      "name": "CVE-2016-9063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
    },
    {
      "name": "CVE-2017-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2012-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2014-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
    },
    {
      "name": "CVE-2017-7246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
    },
    {
      "name": "CVE-2015-8380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2018-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2015-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2017-9049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2017-8872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2015-8389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
    },
    {
      "name": "CVE-2017-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
    }
  ],
  "initial_release_date": "2018-06-14T00:00:00",
  "last_revision_date": "2018-06-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-288",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-08 du 13 juin 2018",
      "url": "https://www.tenable.com/security/tns-2018-08"
    }
  ]
}

GHSA-W4P3-383R-C3GC

Vulnerability from github – Published: 2022-05-17 02:37 – Updated: 2025-04-12 12:54

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-8389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-12-02T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
  "id": "GHSA-w4p3-383r-c3gc",
  "modified": "2025-04-12T12:54:19Z",
  "published": "2022-05-17T02:37:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8389"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa128"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201607-02"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230216-0002"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
    },
    {
      "type": "WEB",
      "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/82990"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2015-07884

Vulnerability from cnvd - Published: 2015-12-03

Title

PCRE拒绝服务漏洞（CNVD-2015-07884）

Description

PCRE（Perl Compatible Regular Expressions）是软件开发者Philip Hazel所研发的一个使用C语言编写的开源正则表达式函数库。 PCRE 8.38之前版本中存在安全漏洞，该漏洞源于程序未能正确处理‘/(?:|a|){100}x/’模式和相关模式。远程攻击者可借助特制的正则表达式利用该漏洞造成拒绝服务（无限递归）。

Severity

高

Patch Name

PCRE拒绝服务漏洞（CNVD-2015-07884）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

Reference

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup http://www.openwall.com/lists/oss-security/2015/11/29/1

Impacted products

Name
PCRE PCRE <8.38

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-8389"
    }
  },
  "description": "PCRE\uff08Perl Compatible Regular Expressions\uff09\u662f\u8f6f\u4ef6\u5f00\u53d1\u8005Philip Hazel\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u5f00\u6e90\u6b63\u5219\u8868\u8fbe\u5f0f\u51fd\u6570\u5e93\u3002\r\n\r\nPCRE 8.38\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406\u2018/(?:|a|){100}x/\u2019\u6a21\u5f0f\u548c\u76f8\u5173\u6a21\u5f0f\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u65e0\u9650\u9012\u5f52\uff09\u3002",
  "discovererName": "LLVM fuzzer",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07884",
  "openTime": "2015-12-03",
  "patchDescription": "PCRE\uff08Perl Compatible Regular Expressions\uff09\u662f\u8f6f\u4ef6\u5f00\u53d1\u8005Philip Hazel\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u5f00\u6e90\u6b63\u5219\u8868\u8fbe\u5f0f\u51fd\u6570\u5e93\u3002\r\n\r\nPCRE 8.38\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406\u2018/(?:|a|){100}x/\u2019\u6a21\u5f0f\u548c\u76f8\u5173\u6a21\u5f0f\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u65e0\u9650\u9012\u5f52\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PCRE\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-07884\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "PCRE PCRE \u003c8.38"
  },
  "referenceLink": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup\r\nhttp://www.openwall.com/lists/oss-security/2015/11/29/1",
  "serverity": "\u9ad8",
  "submitTime": "2015-12-02",
  "title": "PCRE\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-07884\uff09"
}

FKIE_CVE-2015-8389

Vulnerability from fkie_nvd - Published: 2015-12-02 01:59 - Updated: 2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html	Third Party Advisory
cve@mitre.org	http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup	Release Notes, Vendor Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/11/29/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/82990	Third Party Advisory, VDB Entry
cve@mitre.org	https://bto.bluecoat.com/security-advisory/sa128	Permissions Required, Third Party Advisory
cve@mitre.org	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201607-02	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20230216-0002/
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/11/29/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/82990	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bto.bluecoat.com/security-advisory/sa128	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201607-02	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230216-0002/

Impacted products

Vendor	Product	Version
pcre	perl_compatible_regular_expression_library	*
fedoraproject	fedora	22
php	php	*
php	php	*
php	php	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pcre:perl_compatible_regular_expression_library:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A2867E-F109-44E6-8E01-A7010D5B6FDA",
              "versionEndIncluding": "8.37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B055DFDD-2D3F-40CD-A62E-1D9B1C005771",
              "versionEndExcluding": "5.5.32",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04060332-EC2C-4281-A627-8FBDCEB79154",
              "versionEndExcluding": "5.6.18",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A20A620-CDCF-4496-86E9-1ECA1A3C665E",
              "versionEndExcluding": "7.0.3",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
    },
    {
      "lang": "es",
      "value": "PCRE en versiones anteriores a 8.38 no maneja correctamente el patr\u00f3n /(?:|a|){100}x/ y patrones relacionados, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (recursi\u00f3n infinita) o posiblemente tener otro impacto no especificado a trav\u00e9s de una expresi\u00f3n regular manipulada, seg\u00fan lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror."
    }
  ],
  "id": "CVE-2015-8389",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2015-12-02T01:59:13.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/82990"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa128"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-02"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/82990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-185"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2015-8389

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-8389

Aliases

CVE-2015-8389

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-8389",
    "description": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
    "id": "GSD-2015-8389",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-8389.html",
      "https://ubuntu.com/security/CVE-2015-8389"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-8389"
      ],
      "details": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
      "id": "GSD-2015-8389",
      "modified": "2023-12-13T01:20:03.897968Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-8389",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
          },
          {
            "name": "82990",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/82990"
          },
          {
            "name": "FEDORA-2015-eb896290d3",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
          },
          {
            "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
          },
          {
            "name": "https://bto.bluecoat.com/security-advisory/sa128",
            "refsource": "CONFIRM",
            "url": "https://bto.bluecoat.com/security-advisory/sa128"
          },
          {
            "name": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
            "refsource": "CONFIRM",
            "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
          },
          {
            "name": "GLSA-201607-02",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201607-02"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230216-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pcre:perl_compatible_regular_expression_library:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.37",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.18",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.32",
                "versionStartIncluding": "5.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8389"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                },
                {
                  "lang": "en",
                  "value": "CWE-185"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
            },
            {
              "name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
            },
            {
              "name": "82990",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/82990"
            },
            {
              "name": "FEDORA-2015-eb896290d3",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa128",
              "refsource": "CONFIRM",
              "tags": [
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa128"
            },
            {
              "name": "GLSA-201607-02",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201607-02"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20230216-0002/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-16T14:15Z",
      "publishedDate": "2015-12-02T01:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-8389 (GCVE-0-2015-8389)

CERTFR-2018-AVI-293

Solution

CERTFR-2018-AVI-288

Solution

GHSA-W4P3-383R-C3GC

CNVD-2015-07884

FKIE_CVE-2015-8389

GSD-2015-8389

Tags

Sightings

Nomenclature