Lucene search

K

MitreCVELIST:CVE-2015-5073

HistoryDec 13, 2016 - 4:00 p.m.

CVE-2015-5073

2016-12-1316:00:00

mitre

www.cve.org

1

8.9 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

References

rhn.redhat.com/errata/RHSA-2016-1025.html

rhn.redhat.com/errata/RHSA-2016-2750.html

vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup

vcs.pcre.org/pcre?view=revision&revision=1571

www-01.ibm.com/support/docview.wss?uid=isg3T1023886

www.openwall.com/lists/oss-security/2015/06/26/1

www.openwall.com/lists/oss-security/2015/06/26/3

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/bid/75430

www.securitytracker.com/id/1033154

access.redhat.com/errata/RHSA-2016:1132

bugs.exim.org/show_bug.cgi?id=1651

security.gentoo.org/glsa/201607-02

8.9 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

Related for CVELIST:CVE-2015-5073

cve1 openvas19 nessus26 debiancve1 mageia1 prion1 nvd1 f52 veracode58 freebsd1 fedora5 amazon2 securityvulns2 ubuntucve7 ubuntu2 oraclelinux1 ibm1 centos1 redhat3 gentoo1 suse2