CVE-2016-3191 in PCREinfo

Zusammenfassung

von MITRE

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

15.03.2016

Veröffentlichung

17.03.2016

Moderieren

akzeptiert

Eintrag

VDB-81383

CPE

bereit

CWE

CWE-119 (bestätigt)

CVSS

9.8 (NVD)

EPSS

0.07915

KEV

nein

Aktivitäten

very low

Sektor

Telecommunication, Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-3191
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-3191
CVE Details	https://www.cvedetails.com/cve/CVE-2016-3191/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!