F5 Networks BIG-IP : PCRE library vulnerability (K17331)
Medium Nessus Plugin ID 97531
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionHeap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. (CVE-2015-5073)
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K17331.