Lucene search

PRIOn knowledge basePRION:CVE-2016-3191

HistoryMar 17, 2016 - 11:59 p.m.

Stack overflow

2016-03-1723:59:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

High

0.151 Low

EPSS

Percentile

95.9%

JSON

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

CPENameOperatorVersion
pcreeq8.34
pcreeq8.36
pcreeq8.33
pcreeq8.00
pcreeq8.30
pcreeq8.01
pcreeq8.10
pcreeq8.31
pcreeq8.21
pcreeq8.20

Name	Operator	Version
pcre	eq	8.34
pcre	eq	8.36
pcre	eq	8.33
pcre	eq	8.00
pcre	eq	8.30
pcre	eq	8.01
pcre	eq	8.10
pcre	eq	8.31
pcre	eq	8.21
pcre	eq	8.20

Rows per page:

1-10 of 191

References

rhn.redhat.com/errata/RHSA-2016-1025.html

vcs.pcre.org/pcre2?view=revision&revision=489

vcs.pcre.org/pcre?view=revision&revision=1631

www-01.ibm.com/support/docview.wss?uid=isg3T1023886

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/bid/84810

access.redhat.com/errata/RHSA-2016:1132

bto.bluecoat.com/security-advisory/sa128

bugs.debian.org/815920

bugs.debian.org/815921

bugs.exim.org/show_bug.cgi?id=1791

bugzilla.redhat.com/show_bug.cgi?id=1311503

www.tenable.com/security/tns-2016-18