PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
{ "binaries": [ { "binary_name": "libpcre16-3", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre16-3-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-dbg", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-dev", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-dev-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-udeb", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-udeb-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre32-3", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre32-3-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcrecpp0v5", "binary_version": "2:8.38-3" }, { "binary_name": "libpcrecpp0v5-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "pcregrep", "binary_version": "2:8.38-3" }, { "binary_name": "pcregrep-dbgsym", "binary_version": "2:8.38-3" } ], "ubuntu_priority": "low", "availability": "No subscription required" }