Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

Related bugs and status

CVE-2015-2326 (Candidate) is related to these bugs:

Bug #1823667: SRU: pcre3 ftbfs with cosmic toolchain updates

Summary				In	Importance	Status
	1823667	SRU: pcre3 ftbfs with cosmic toolchain updates		pcre3 (Ubuntu)	High	Fix Released
	1823667	SRU: pcre3 ftbfs with cosmic toolchain updates		pcre3 (Ubuntu Cosmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.pcre.org/o...
MISC: http://lists.opensuse....
MISC: https://bugs.exim.org/...
MISC: https://fortiguard.com...