CVE-2015-2326MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
https://bugs.exim.org/show_bug.cgi?id=1592
Details
Source: MITRE
Published: 2020-01-14
Updated: 2020-01-24
Type: CWE-125
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 98802 | PHP 5.6.x < 5.6.10 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 106495 | pfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam) | Nessus | Firewalls | critical |
| 90306 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : pcre3 vulnerabilities (USN-2943-1) | Nessus | Ubuntu Local Security Checks | critical |
| 85566 | Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06) | Nessus | Misc. | critical |
| 85122 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : pcre3 vulnerabilities (USN-2694-1) | Nessus | Ubuntu Local Security Checks | critical |
| 84913 | SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM) | Nessus | SuSE Local Security Checks | high |
| 84830 | Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM) | Nessus | Slackware Local Security Checks | critical |
| 84658 | openSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam) | Nessus | SuSE Local Security Checks | high |
| 84625 | Amazon Linux AMI : php56 (ALAS-2015-563) | Nessus | Amazon Linux Local Security Checks | critical |
| 84624 | Amazon Linux AMI : php55 (ALAS-2015-562) | Nessus | Amazon Linux Local Security Checks | critical |
| 84364 | PHP 5.6.x < 5.6.10 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 84363 | PHP 5.5.x < 5.5.26 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 84362 | PHP 5.4.x < 5.4.42 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 8787 | PHP 5.5.x < 5.5.26 / 5.6.x < 5.6.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 8786 | PHP 5.6.x < 5.6.9 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 84127 | Slackware 14.0 / 14.1 / current : php (SSA:2015-162-02) | Nessus | Slackware Local Security Checks | high |
| 83975 | Amazon Linux AMI : php56 (ALAS-2015-536) | Nessus | Amazon Linux Local Security Checks | high |
| 83973 | Amazon Linux AMI : php54 (ALAS-2015-534) | Nessus | Amazon Linux Local Security Checks | high |
| 83795 | FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0) | Nessus | FreeBSD Local Security Checks | high |
| 83519 | PHP 5.6.x < 5.6.9 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 83517 | PHP 5.4.x < 5.4.41 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 83392 | openSUSE Security Update : pcre (openSUSE-2015-353) | Nessus | SuSE Local Security Checks | high |