Description

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Remediation

References

CVE-2016-1283

Related Vulnerabilities

WordPress Plugin Contact Form Manager Multiple Vulnerabilities (1.4.4)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-0738)

Oracle HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2022-25313)

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22522)

Oracle Application Server CVE-2010-0067 Vulnerability (CVE-2010-0067)

Severity

Critical

Classification

CVE-2016-1283 CWE-119 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities