CVE-2014-8964

MEDIUM

Description

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

References

http://advisories.mageia.org/MGASA-2014-0534.html

http://bugs.exim.org/show_bug.cgi?id=1546

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html

http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html

http://rhn.redhat.com/errata/RHSA-2015-0330.html

http://www.exim.org/viewvc/pcre?view=revision&revision=1513

http://www.mandriva.com/security/advisories?name=MDVSA-2015:002

http://www.mandriva.com/security/advisories?name=MDVSA-2015:137

http://www.openwall.com/lists/oss-security/2014/11/21/6

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/bid/71206

https://bugzilla.redhat.com/show_bug.cgi?id=1166147

https://security.gentoo.org/glsa/201607-02

Details

Source: MITRE

Published: 2014-12-16

Updated: 2017-07-01

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:pcre:perl_compatible_regular_expression_library:*:*:*:*:*:*:*:* versions up to 8.36 (inclusive)

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
125102EulerOS Virtualization 3.0.1.0 : pcre (EulerOS-SA-2019-1558)NessusHuawei Local Security Checks
high
122243MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongodNessusDatabases
high
95915SUSE SLED12 / SLES12 Security Update : pcre (SUSE-SU-2016:3161-1)NessusSuSE Local Security Checks
high
95754openSUSE Security Update : pcre (openSUSE-2016-1448)NessusSuSE Local Security Checks
high
95534SUSE SLED12 / SLES12 Security Update : pcre (SUSE-SU-2016:2971-1)NessusSuSE Local Security Checks
high
91983GLSA-201607-02 : libpcre: Multiple VulnerabilitiesNessusGentoo Local Security Checks
high
85122Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : pcre3 vulnerabilities (USN-2694-1)NessusUbuntu Local Security Checks
high
84913SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)NessusSuSE Local Security Checks
medium
84658openSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)NessusSuSE Local Security Checks
high
83880Amazon Linux AMI : pcre (ALAS-2015-528)NessusAmazon Linux Local Security Checks
medium
83392openSUSE Security Update : pcre (openSUSE-2015-353)NessusSuSE Local Security Checks
medium
82390Mandriva Linux Security Advisory : pcre (MDVSA-2015:137)NessusMandriva Local Security Checks
medium
82259Scientific Linux Security Update : pcre on SL7.x x86_64 (20150305)NessusScientific Linux Local Security Checks
medium
81890CentOS 7 : pcre (CESA-2015:0330)NessusCentOS Local Security Checks
medium
81723Oracle Linux 7 : pcre (ELSA-2015-0330)NessusOracle Linux Local Security Checks
medium
81631RHEL 7 : pcre (RHSA-2015:0330)NessusRed Hat Local Security Checks
medium
80383Mandriva Linux Security Advisory : pcre (MDVSA-2015:002)NessusMandriva Local Security Checks
medium
80381Fedora 21 : mingw-pcre-8.35-1.fc21 (2014-17642)NessusFedora Local Security Checks
medium
80380Fedora 19 : mingw-pcre-8.33-4.fc19 (2014-17626)NessusFedora Local Security Checks
medium
80379Fedora 20 : mingw-pcre-8.33-4.fc20 (2014-17624)NessusFedora Local Security Checks
medium
80129Fedora 19 : pcre-8.32-12.fc19 (2014-16224)NessusFedora Local Security Checks
medium
80128Fedora 20 : pcre-8.33-8.fc20 (2014-16215)NessusFedora Local Security Checks
medium
79899Fedora 21 : pcre-8.35-8.fc21 (2014-15573)NessusFedora Local Security Checks
medium