Description

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Remediation

References

CVE-2015-8390

Related Vulnerabilities

Ext JS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2007-6758)

IBM WebSEAL Use of Hard-coded Credentials Vulnerability (CVE-2018-1887)

WordPress Plugin WangGuard Multiple Vulnerabilities (1.7.2)

MySQL CVE-2020-2584 Vulnerability (CVE-2020-2584)

Resin Application Server Improper Input Validation Vulnerability (CVE-2012-2965)

Severity

Critical

Classification

CVE-2015-8390 CWE-908 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities