PCRE pcre_exec Function Denial of Service Vulnerability (CVE-2015-8380)
PCRE pcre_exec Function Denial of Service Vulnerability (CVE-2015-8380)
Release date:
Updated on:
Affected Systems:
PCRE <8.36
Description:
CVE (CAN) ID: CVE-2015-8380
PCRE is a Perl library, including a perl-Compatible Regular Expression Library.
In versions earlier than PCRE 8.38, The pcre_exec function of pcre_exec.c has a vulnerability in processing // modes containing \ 01 strings. By constructing regular expressions, remote attackers can exploit this vulnerability to cause DoS (heap buffer overflow ).
<* Source: Hanno B & #246; ck
*>
Suggestion:
Vendor patch:
PCRE
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://bugs.exim.org/show_bug.cgi? Id = 1637
Http://vcs.pcre.org/pcre/code/trunk/ChangeLog? View = markup
PCRE details: click here
PCRE: click here
This article permanently updates the link address: