RHSA-2016:1025

RHSA-2016:2750

http://vcs.pcre.org/pcre?view=revision&revision=1566

[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

75018

http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886

RHSA-2016:1132

https://bugs.exim.org/show_bug.cgi?id=1638

https://bugzilla.redhat.com/show_bug.cgi?id=1228283

According to the versions of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10     mishandle group empty matches, which might allow remote     attackers to cause a denial of service (stack-based     buffer overflow) via a crafted regular expression, as     demonstrated by     /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.(CVE-2015-3217)

  - Heap-based buffer overflow in the find_fixedlength     function in pcre_compile.c in PCRE before 8.38 allows     remote attackers to cause a denial of service (crash)     or obtain sensitive information from heap memory and     possibly bypass the ASLR protection mechanism via a     crafted regular expression with an excess closing     parenthesis.(CVE-2015-5073)

  - The keyfile settings backend in GNOME GLib (aka     glib2.0) before 2.60.0 creates directories using     g_file_make_directory_with_parents (kfsb->dir, NULL,     NULL) and files using g_file_replace_contents     (kfsb->file, contents, length, NULL, FALSE,     G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).
    Consequently, it does not properly restrict directory     (and file) permissions. Instead, for directories, 0777     permissions are used for files, default file     permissions are used. This is similar to     CVE-2019-12450.(CVE-2019-13012)

  - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0     through 2.61.1 does not properly restrict file     permissions while a copy operation is in progress.
    Instead, default permissions are used.(CVE-2019-12450)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the pcre packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/     pattern and related patterns with certain recursion,     which allows remote attackers to cause a denial of     service (segmentation fault) or possibly have     unspecified other impact via a crafted regular     expression, as demonstrated by a JavaScript RegExp     object encountered by Konqueror.(CVE-2015-2328)

  - PCRE before 8.38 mishandles the : and \\\\ substrings     in character classes, which allows remote attackers to     cause a denial of service (uninitialized memory read)     or possibly have unspecified other impact via a crafted     regular expression, as demonstrated by a JavaScript     RegExp object encountered by Konqueror.(CVE-2015-8390)

  - Heap-based buffer overflow in the find_fixedlength     function in pcre_compile.c in PCRE before 8.38 allows     remote attackers to cause a denial of service (crash)     or obtain sensitive information from heap memory and     possibly bypass the ASLR protection mechanism via a     crafted regular expression with an excess closing     parenthesis.(CVE-2015-5073)

  - PCRE before 8.38 mishandles (?123) subroutine calls and     related subroutine calls, which allows remote attackers     to cause a denial of service (integer overflow) or     possibly have unspecified other impact via a crafted     regular expression, as demonstrated by a JavaScript     RegExp object encountered by Konqueror.(CVE-2015-8387)

  - The pcre_exec function in pcre_exec.c in PCRE before     8.38 mishandles a // pattern with a \\01 string, which     allows remote attackers to cause a denial of service     (heap-based buffer overflow) or possibly have     unspecified other impact via a crafted regular     expression, as demonstrated by a JavaScript RegExp     object encountered by Konqueror.(CVE-2015-8380)

  - The compile_branch function in pcre_compile.c in PCRE     8.x before 8.39 and pcre2_compile.c in PCRE2 before     10.22 mishandles patterns containing an (*ACCEPT)     substring in conjunction with nested parentheses, which     allows remote attackers to execute arbitrary code or     cause a denial of service (stack-based buffer overflow)     via a crafted regular expression, as demonstrated by a     JavaScript RegExp object encountered by Konqueror, aka     ZDI-CAN-3542.(CVE-2016-3191)

  - The pcre_compile function in pcre_compile.c in PCRE     before 8.38 mishandles certain : nesting, which allows     remote attackers to cause a denial of service (CPU     consumption) or possibly have unspecified other impact     via a crafted regular expression, as demonstrated by a     JavaScript RegExp object encountered by     Konqueror.(CVE-2015-8391)

  - PCRE before 8.36 mishandles the     /(((a\\2)|(a*)\\gi1/4oe-1i1/4z))*/ pattern and related     patterns with certain internal recursive back     references, which allows remote attackers to cause a     denial of service (segmentation fault) or possibly have     unspecified other impact via a crafted regular     expression, as demonstrated by a JavaScript RegExp     object encountered by Konqueror.(CVE-2015-2327)

  - PCRE before 8.38 mishandles the (?(i1/4oedigitsi1/4z) and     (?(Ri1/4oedigitsi1/4z) conditions, which allows remote     attackers to cause a denial of service (integer     overflow) or possibly have unspecified other impact via     a crafted regular expression, as demonstrated by a     JavaScript RegExp object encountered by     Konqueror.(CVE-2015-8394)

  - PCRE before 8.38 mishandles the     /(?=di(?i1/4oe=(?1))|(?=(.))))/ pattern and related     patterns with an unmatched closing parenthesis, which     allows remote attackers to cause a denial of service     (buffer overflow) or possibly have unspecified other     impact via a crafted regular expression, as     demonstrated by a JavaScript RegExp object encountered     by Konqueror.(CVE-2015-8388)

  - PCRE before 8.38 mishandles the interaction of     lookbehind assertions and mutually recursive     subpatterns, which allows remote attackers to cause a     denial of service (buffer overflow) or possibly have     unspecified other impact via a crafted regular     expression, as demonstrated by a JavaScript RegExp     object encountered by Konqueror.(CVE-2015-8386)

  - PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10     mishandle group empty matches, which might allow remote     attackers to cause a denial of service (stack-based     buffer overflow) via a crafted regular expression, as     demonstrated by     /^(?:(?(1)\\\\.|(^\\\\\\\\W_)?)+)+$/.(CVE-2015-3217)

  - PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/     pattern and related patterns with certain forward     references, which allows remote attackers to cause a     denial of service (buffer overflow) or possibly have     unspecified other impact via a crafted regular     expression, as demonstrated by a JavaScript RegExp     object encountered by Konqueror.(CVE-2015-8385)

  - A flaw was found in the way PCRE handled certain     malformed regular expressions. This issue could cause     an application (for example, Konqueror) linked against     PCRE to crash while parsing malicious regular     expressions.(CVE-2014-8964)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the pcre packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Multiple flaws were found in the way PCRE handled     malformed regular expressions. An attacker able to make     an application using PCRE process a specially crafted     regular expression could use these flaws to cause the     application to crash or, possibly, execute arbitrary     code. (CVE-2015-8385, CVE-2016-3191, CVE-2015-2328,     CVE-2015-3217, CVE-2015-5073, CVE-2015-8388,     CVE-2015-8391, CVE-2015-8386)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed :

  - CVE-2014-8964: Heap-based buffer overflow in PCRE     allowed remote attackers to cause a denial of service     (crash) or have other unspecified impact via a crafted     regular expression, related to an assertion that allows     zero repeats (bsc#906574).

  - CVE-2015-2325: Heap buffer overflow in compile_branch()     (bsc#924960).

  - CVE-2015-3210: Heap buffer overflow in pcre_compile2() /     compile_regex() (bsc#933288)

  - CVE-2015-3217: PCRE Library Call Stack Overflow     Vulnerability in match() (bsc#933878).

  - CVE-2015-5073: Library Heap Overflow Vulnerability in     find_fixedlength() (bsc#936227).

  - bsc#942865: heap overflow in compile_regex()

  - CVE-2015-8380: The pcre_exec function in pcre_exec.c     mishandled a // pattern with a \01 string, which allowed     remote attackers to cause a denial of service     (heap-based buffer overflow) or possibly have     unspecified other impact via a crafted regular     expression, as demonstrated by a JavaScript RegExp     object encountered by Konqueror (bsc#957566).

  - CVE-2015-2327: PCRE mishandled certain patterns with     internal recursive back references, which allowed remote     attackers to cause a denial of service (segmentation     fault) or possibly have unspecified other impact via a     crafted regular expression, as demonstrated by a     JavaScript RegExp object encountered by Konqueror     (bsc#957567).

  - bsc#957598: Various security issues

  - CVE-2015-8381: Heap Overflow in compile_regex()     (bsc#957598).

  - CVE-2015-8382: Regular Expression Uninitialized Pointer     Information Disclosure Vulnerability     (ZDI-CAN-2547)(bsc#957598).

  - CVE-2015-8383: Buffer overflow caused by repeated     conditional group(bsc#957598).

  - CVE-2015-8384: Buffer overflow caused by recursive back     reference by name within certain group(bsc#957598).

  - CVE-2015-8385: Buffer overflow caused by forward     reference by name to certain group(bsc#957598).

  - CVE-2015-8386: Buffer overflow caused by lookbehind     assertion(bsc#957598).

  - CVE-2015-8387: Integer overflow in subroutine     calls(bsc#957598).

  - CVE-2015-8388: Buffer overflow caused by certain     patterns with an unmatched closing     parenthesis(bsc#957598).

  - CVE-2015-8389: Infinite recursion in JIT compiler when     processing certain patterns(bsc#957598).

  - CVE-2015-8390: Reading from uninitialized memory when     processing certain patterns(bsc#957598).

  - CVE-2015-8391: Some pathological patterns causes     pcre_compile() to run for a very long time(bsc#957598).

  - CVE-2015-8392: Buffer overflow caused by certain     patterns with duplicated named groups(bsc#957598).

  - CVE-2015-8393: Information leak when running pcgrep -q     on crafted binary(bsc#957598).

  - CVE-2015-8394: Integer overflow caused by missing check     for certain conditions(bsc#957598).

  - CVE-2015-8395: Buffer overflow caused by certain     references(bsc#957598).

  - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/     pattern and related patterns with certain recursion,     which allowed remote attackers to cause a denial of     service (segmentation fault) or possibly have     unspecified other impact via a crafted regular     expression (bsc#957600).

  - CVE-2016-1283: The pcre_compile2 function in     pcre_compile.c in PCRE mishandled certain patterns with     named subgroups, which allowed remote attackers to cause     a denial of service (heap-based buffer overflow) or     possibly have unspecified other impact via a crafted     regular expression (bsc#960837).

  - CVE-2016-3191: The compile_branch function in     pcre_compile.c in pcre2_compile.c mishandled patterns     containing an (*ACCEPT) substring in conjunction with     nested parentheses, which allowed remote attackers to     execute arbitrary code or cause a denial of service     (stack-based buffer overflow) via a crafted regular     expression (bsc#971741).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for pcre to version 8.39 (bsc#972127) fixes several issues.

If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version.

This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed :

  - CVE-2014-8964: Heap-based buffer overflow in PCRE     allowed remote attackers to cause a denial of service     (crash) or have other unspecified impact via a crafted     regular expression, related to an assertion that allows     zero repeats (bsc#906574).

  - CVE-2015-2325: Heap buffer overflow in compile_branch()     (bsc#924960).

  - CVE-2015-3210: Heap buffer overflow in pcre_compile2() /     compile_regex() (bsc#933288)

  - CVE-2015-3217: PCRE Library Call Stack Overflow     Vulnerability in match() (bsc#933878).

  - CVE-2015-5073: Library Heap Overflow Vulnerability in     find_fixedlength() (bsc#936227).

  - bsc#942865: heap overflow in compile_regex()

  - CVE-2015-8380: The pcre_exec function in pcre_exec.c     mishandled a // pattern with a \01 string, which allowed     remote attackers to cause a denial of service     (heap-based buffer overflow) or possibly have     unspecified other impact via a crafted regular     expression, as demonstrated by a JavaScript RegExp     object encountered by Konqueror (bsc#957566).

  - CVE-2015-2327: PCRE mishandled certain patterns with     internal recursive back references, which allowed remote     attackers to cause a denial of service (segmentation     fault) or possibly have unspecified other impact via a     crafted regular expression, as demonstrated by a     JavaScript RegExp object encountered by Konqueror     (bsc#957567).

  - bsc#957598: Various security issues 

  - CVE-2015-8381: Heap Overflow in compile_regex()     (bsc#957598).

  - CVE-2015-8382: Regular Expression Uninitialized Pointer     Information Disclosure Vulnerability     (ZDI-CAN-2547)(bsc#957598).

  - CVE-2015-8383: Buffer overflow caused by repeated     conditional group(bsc#957598).

  - CVE-2015-8384: Buffer overflow caused by recursive back     reference by name within certain group(bsc#957598).

  - CVE-2015-8385: Buffer overflow caused by forward     reference by name to certain group(bsc#957598).

  - CVE-2015-8386: Buffer overflow caused by lookbehind     assertion(bsc#957598).

  - CVE-2015-8387: Integer overflow in subroutine     calls(bsc#957598).

  - CVE-2015-8388: Buffer overflow caused by certain     patterns with an unmatched closing     parenthesis(bsc#957598).

  - CVE-2015-8389: Infinite recursion in JIT compiler when     processing certain patterns(bsc#957598).

  - CVE-2015-8390: Reading from uninitialized memory when     processing certain patterns(bsc#957598).

  - CVE-2015-8391: Some pathological patterns causes     pcre_compile() to run for a very long time(bsc#957598).

  - CVE-2015-8392: Buffer overflow caused by certain     patterns with duplicated named groups(bsc#957598).

  - CVE-2015-8393: Information leak when running pcgrep -q     on crafted binary(bsc#957598).

  - CVE-2015-8394: Integer overflow caused by missing check     for certain conditions(bsc#957598).

  - CVE-2015-8395: Buffer overflow caused by certain     references(bsc#957598).

  - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/     pattern and related patterns with certain recursion,     which allowed remote attackers to cause a denial of     service (segmentation fault) or possibly have     unspecified other impact via a crafted regular     expression (bsc#957600).

  - CVE-2016-1283: The pcre_compile2 function in     pcre_compile.c in PCRE mishandled certain patterns with     named subgroups, which allowed remote attackers to cause     a denial of service (heap-based buffer overflow) or     possibly have unspecified other impact via a crafted     regular expression (bsc#960837).

  - CVE-2016-3191: The compile_branch function in     pcre_compile.c in pcre2_compile.c mishandled patterns     containing an (*ACCEPT) substring in conjunction with     nested parentheses, which allowed remote attackers to     execute arbitrary code or cause a denial of service     (stack-based buffer overflow) via a crafted regular     expression (bsc#971741).

These non-security issues were fixed :

  - JIT compiler improvements

  - performance improvements

  - The Unicode data tables have been updated to Unicode     7.0.0.

This update was imported from the SUSE:SLE-12:Update update project.

This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code.

  - Update to PCRE 8.39 FATE#320298 boo#972127.

  - CVE-2015-3210: heap buffer overflow in pcre_compile2() /     compile_regex() (boo#933288)

  - CVE-2015-3217: pcre: PCRE Library Call Stack Overflow     Vulnerability in match() (boo#933878)

  - CVE-2015-5073: pcre: Library Heap Overflow Vulnerability     in find_fixedlength() (boo#936227)

  - boo#942865: heap overflow in compile_regex()

  - CVE-2015-8380: pcre: heap overflow in pcre_exec     (boo#957566)

  - boo#957598: various security issues fixed in pcre 8.37     and 8.38 release

  - CVE-2016-1283: pcre: Heap buffer overflow in     pcre_compile2 causes DoS (boo#960837)

  - CVE-2016-3191: pcre: workspace overflow for (*ACCEPT)     with deeply nested parentheses (boo#971741)

CVE-2015-8395 PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.

CVE-2015-8394 PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8392 PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.

CVE-2015-8391 The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8390 PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8389 PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8388 PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8387 PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8386 PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8385 PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8384 PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.

CVE-2015-8383 PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8382 The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT )))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.

CVE-2015-8381 The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf )|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-8380 The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-2328 PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-2327 PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2015-3217 PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

An update for pcre is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

PCRE is a Perl-compatible regular expression library.

Security Fix(es) :

* Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to crash or, possibly, execute arbitrary code. (CVE-2015-8385, CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8388, CVE-2015-8391, CVE-2015-8386)

Security Fix(es) :

  - Multiple flaws were found in the way PCRE handled     malformed regular expressions. An attacker able to make     an application using PCRE process a specially crafted     regular expression could use these flaws to cause the     application to crash or, possibly, execute arbitrary     code. (CVE-2015-8385, CVE-2016-3191, CVE-2015-2328,     CVE-2015-3217, CVE-2015-5073, CVE-2015-8388,     CVE-2015-8391, CVE-2015-8386)

From Red Hat Security Advisory 2016:1025 :

An update for pcre is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

PCRE is a Perl-compatible regular expression library.

Security Fix(es) :

* Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to crash or, possibly, execute arbitrary code. (CVE-2015-8385, CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8388, CVE-2015-8391, CVE-2015-8386)

Venustech ADLAB reports :

PCRE library is prone to a vulnerability which leads to Heap Overflow.
During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex.

PCRE library is prone to a vulnerability which leads to Stack Overflow. Without enough bound checking inside match(), the stack memory could be overflowed via a crafted regular expression.

ID	Name	Product	Family	Severity
137496	EulerOS 2.0 SP2 : glib2 (EulerOS-SA-2020-1654)	Nessus	Huawei Local Security Checks	high
125102	EulerOS Virtualization 3.0.1.0 : pcre (EulerOS-SA-2019-1558)	Nessus	Huawei Local Security Checks	high
99786	EulerOS 2.0 SP1 : pcre (EulerOS-SA-2016-1023)	Nessus	Huawei Local Security Checks	high
95915	SUSE SLED12 / SLES12 Security Update : pcre (SUSE-SU-2016:3161-1)	Nessus	SuSE Local Security Checks	high
95754	openSUSE Security Update : pcre (openSUSE-2016-1448)	Nessus	SuSE Local Security Checks	high
95534	SUSE SLED12 / SLES12 Security Update : pcre (SUSE-SU-2016:2971-1)	Nessus	SuSE Local Security Checks	high
94906	openSUSE Security Update : pcre (openSUSE-2016-1303)	Nessus	SuSE Local Security Checks	high
92667	F5 Networks BIG-IP : Multiple PCRE vulnerabilities (K20225390)	Nessus	F5 Networks Local Security Checks	high
91104	CentOS 7 : pcre (CESA-2016:1025)	Nessus	CentOS Local Security Checks	high
91081	Scientific Linux Security Update : pcre on SL7.x x86_64 (20160511)	Nessus	Scientific Linux Local Security Checks	high
91078	RHEL 7 : pcre (RHSA-2016:1025)	Nessus	Red Hat Local Security Checks	high
91072	Oracle Linux 7 : pcre (ELSA-2016-1025)	Nessus	Oracle Linux Local Security Checks	high
84011	FreeBSD : pcre -- multiple vulnerabilities (e69af246-0ae2-11e5-90e4-d050996490d0)	Nessus	FreeBSD Local Security Checks	high

CVE-2015-3217

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high