CVE-2016-1283

Description

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Affected packages (3)

• Alpine/pcrefrom 0, < 8.38-r1
• Alpine/php5from 0, < 5.6.32-r0
• Debian/pcre3from 0, < 2:8.38-3.1

CVSS scores

References (2)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-1283
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-1283