Description

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Remediation

References

CVE-2015-8386

Related Vulnerabilities

WordPress Plugin Jock on air now Multiple Vulnerabilities (5.6.1)

WordPress Plugin Events Manager CSV Injection (5.9.7.1)

WordPress Plugin Profile Builder Pro Security Bypass (3.1.0)

Oracle Database Server CVE-2020-2734 Vulnerability (CVE-2020-2734)

WordPress Plugin Ecwid Ecommerce Shopping Cart Cross-Site Request Forgery (6.10.23)

Severity

Critical

Classification

CVE-2015-8386 CWE-119 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities