CVE-2015-3217 in Philip Hazel PCRE
요약 (영어)
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
예약하다
2015. 04. 10.
공개
2016. 12. 13.
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 75695 | Philip Hazel PCRE match 메모리 손상 | 119 | 정의되지 않음 | Unavailable | CVE-2015-3217 |