CVE-2015-8393

medium

Description

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html

http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

http://www.openwall.com/lists/oss-security/2015/11/29/1

http://www.securityfocus.com/bid/82990

https://bto.bluecoat.com/security-advisory/sa128

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://security.gentoo.org/glsa/201607-02

Details

Source: MITRE

Published: 2015-12-02

Updated: 2017-07-01

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:pcre:perl_compatible_regular_expression_library:*:*:*:*:*:*:*:* versions up to 8.37 (inclusive)

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135647 | EulerOS Virtualization 3.0.2.2 : pcre (EulerOS-SA-2020-1485) | Nessus | Huawei Local Security Checks | medium |
| 134508 | EulerOS Virtualization for ARM 64 3.0.2.0 : pcre (EulerOS-SA-2020-1219) | Nessus | Huawei Local Security Checks | medium |
| 132181 | EulerOS 2.0 SP3 : pcre (EulerOS-SA-2019-2646) | Nessus | Huawei Local Security Checks | high |
| 131639 | EulerOS 2.0 SP2 : pcre (EulerOS-SA-2019-2486) | Nessus | Huawei Local Security Checks | medium |
| 130642 | EulerOS 2.0 SP5 : pcre (EulerOS-SA-2019-2180) | Nessus | Huawei Local Security Checks | medium |
| 98848 | PHP 7.0.x < 7.0.3 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high |
| 98807 | PHP 5.6.x < 5.6.18 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high |
| 95915 | SUSE SLED12 / SLES12 Security Update : pcre (SUSE-SU-2016:3161-1) | Nessus | SuSE Local Security Checks | critical |
| 95754 | openSUSE Security Update : pcre (openSUSE-2016-1448) | Nessus | SuSE Local Security Checks | critical |
| 95534 | SUSE SLED12 / SLES12 Security Update : pcre (SUSE-SU-2016:2971-1) | Nessus | SuSE Local Security Checks | critical |
| 94345 | F5 Networks BIG-IP : pcregrep in PCRE vulnerability (K05428062) | Nessus | F5 Networks Local Security Checks | medium |
| 93343 | Tenable SecurityCenter < 5.3.0 Multiple Vulnerabilities (TNS-2016-04) | Nessus | Misc. | medium |
| 91983 | GLSA-201607-02 : libpcre: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 90306 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : pcre3 vulnerabilities (USN-2943-1) | Nessus | Ubuntu Local Security Checks | critical |
| 89647 | Fedora 23 : mingw-pcre-8.38-1.fc23 (2016-fd1199dbe2) | Nessus | Fedora Local Security Checks | critical |
| 89641 | Fedora 22 : mingw-pcre-8.38-1.fc22 (2016-f59a8ff5d0) | Nessus | Fedora Local Security Checks | critical |
| 89447 | Fedora 22 : pcre-8.38-1.fc22 (2015-eb896290d3) | Nessus | Fedora Local Security Checks | high |
| 9093 | PHP 5.5.x < 5.5.32 / 5.6.x < 5.6.18 / 7.0.x < 7.0.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | critical |
| 88695 | PHP 7.0.x < 7.0.3 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 88694 | PHP 5.6.x < 5.6.18 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 88693 | PHP 5.5.x < 5.5.32 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 88671 | FreeBSD : php -- multiple vulnerabilities (85eb4e46-cf16-11e5-840f-485d605f4717) | Nessus | FreeBSD Local Security Checks | critical |