Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2015-2326
HistoryJan 14, 2020 - 5:15 p.m.

CVE-2015-2326

2020-01-1417:15:12
CWE-125
[email protected]
web.nvd.nist.gov
65
2
pcre
denial of service
cve-2015-2326
regular expression
out-of-bounds read

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by “((?+1)(\1))/”.

Affected configurations

NVD
Node
pcrepcreRange<8.37
Node
opensuseopensuseMatch13.1
OR
opensuseopensuseMatch13.2
Node
mariadbmariadbRange10.0.010.0.18
Node
phpphpRange5.4.05.4.41
OR
phpphpRange5.5.05.5.26
OR
phpphpRange5.6.05.6.9
CPENameOperatorVersion
pcre:pcrepcrelt8.37

Social References

More

Related

nvd 1
f5 2
prion 1
mariadbunix 1
debiancve 1
cvelist 1
freebsd 1
nessus 23
securityvulns 2
ubuntucve 7
openvas 11
ubuntu 2
openwrt 1
amazon 4
slackware 2
suse 2
rosalinux 1
veracode 57
redhat 1
nvd
nvd
CVE-2015-2326
2020-01-14 17:15:12
f5
f5
K16984 : PCRE library vulnerability CVE-2015-2326
2015-07-17 00:00:00
SOL16984 - PCRE library vulnerability CVE-2015-2326
2015-07-17 00:00:00
prion
prion
Out-of-bounds
2020-01-14 17:15:00
mariadbunix
mariadbunix
CVE-2015-2326
2020-01-14 17:15:00
debiancve
debiancve
CVE-2015-2326
2020-01-14 17:15:12
cvelist
cvelist
CVE-2015-2326
2020-01-14 16:46:57
freebsd
freebsd
pcre -- multiple vulnerabilities
2015-04-28 00:00:00
nessus
nessus
FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)
2015-05-26 00:00:00
openSUSE Security Update : pcre (openSUSE-2015-353)
2015-05-13 00:00:00
Ubuntu 14.04 LTS : PCRE vulnerabilities (USN-2694-1)
2015-07-30 00:00:00
securityvulns
securityvulns
PCRE multiple security vulnerabilities
2015-08-02 00:00:00
[USN-2694-1] PCRE vulnerabilities
2015-08-02 00:00:00
ubuntucve
ubuntucve
CVE-2015-5073
2015-06-26 00:00:00
CVE-2015-2325
2015-04-01 00:00:00
CVE-2015-2326
2015-04-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2694-1)
2015-07-30 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-536)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-534)
2015-09-08 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2015-07-29 00:00:00
PCRE vulnerabilities
2016-03-29 00:00:00
openwrt
openwrt
php: Security update (7 CVEs)
2016-01-28 12:23:45
amazon
amazon
Important: php56
2015-06-02 22:22:00
Important: php54
2015-06-02 22:20:00
Medium: php56
2015-07-07 12:40:00
slackware
slackware
[slackware-security] php
2015-06-11 23:01:25
[slackware-security] php
2015-07-17 20:25:21
suse
suse
Security update for mariadb (important)
2015-07-21 16:08:23
Security update for MariaDB (important)
2015-07-09 17:08:05
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
veracode
veracode
Buffer Overflow
2019-05-02 06:02:24
Denial Of Service (DoS)
2019-05-02 06:02:22
Denial Of Service (DoS)
2019-05-02 06:02:18
redhat
redhat
(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update
2016-11-15 11:13:31

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON
Related for CVE-2015-2326
nvd1f52prion1mariadbunix1debiancve1cvelist1freebsd1nessus23securityvulns2ubuntucve7openvas11ubuntu2openwrt1amazon4slackware2suse2rosalinux1veracode57redhat1