CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2015-8389

CVSS 9.8v3.1pub. 2015-12-02upd. 2026-05-06

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fedora Project Fedora

    OS
    Fedoraproject
    22
  • Pcre Perl Compatible Regular Expression Library

    APP
    Pcre
    ≤ 8.37
  • PHP

    APP
    Php
    5.5.0 – 5.5.32 (bez)5.6.0 – 5.6.18 (bez)7.0.0 – 7.0.3 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox

CVE-2023-6345CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Integer overflow w Skia w Google Chrome — sandbox escape