UBUNTU-CVE-2015-8381

See a problem?
Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2015-8381
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-8381.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-8381
Related
Published
2015-12-01T00:00:00Z
Modified
2015-12-01T00:00:00Z
Summary
[none]
Details

The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

References

Affected packages

Ubuntu:16.04:LTS / pcre2

Package

Name
pcre2
Purl
pkg:deb/ubuntu/pcre2@10.20-3?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.20-3

Affected versions

10.*

10.20-1
10.20-2

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libpcre2-posix0": "10.20-3",
            "libpcre2-32-0": "10.20-3",
            "libpcre2-dev": "10.20-3",
            "libpcre2-32-0-dbgsym": "10.20-3",
            "libpcre2-16-0": "10.20-3",
            "libpcre2-dbg": "10.20-3",
            "libpcre2-16-0-dbgsym": "10.20-3",
            "pcre2-utils-dbgsym": "10.20-3",
            "libpcre2-8-0-dbgsym": "10.20-3",
            "libpcre2-dev-dbgsym": "10.20-3",
            "libpcre2-8-0": "10.20-3",
            "libpcre2-posix0-dbgsym": "10.20-3",
            "pcre2-utils": "10.20-3"
        }
    ]
}

Ubuntu:16.04:LTS / pcre3

Package

Name
pcre3
Purl
pkg:deb/ubuntu/pcre3@2:8.38-3?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:8.38-3

Affected versions

2:8.*

2:8.35-7.1ubuntu1
2:8.38-1ubuntu1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libpcre32-3": "2:8.38-3",
            "pcregrep-dbgsym": "2:8.38-3",
            "libpcre16-3": "2:8.38-3",
            "libpcrecpp0v5-dbgsym": "2:8.38-3",
            "libpcre3-dbg": "2:8.38-3",
            "libpcre3": "2:8.38-3",
            "libpcre32-3-dbgsym": "2:8.38-3",
            "libpcre3-udeb": "2:8.38-3",
            "libpcre3-dev-dbgsym": "2:8.38-3",
            "libpcre3-dbgsym": "2:8.38-3",
            "libpcre3-udeb-dbgsym": "2:8.38-3",
            "pcregrep": "2:8.38-3",
            "libpcre16-3-dbgsym": "2:8.38-3",
            "libpcre3-dev": "2:8.38-3",
            "libpcrecpp0v5": "2:8.38-3"
        }
    ]
}