Description
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
Exploit, Issue Tracking, Permissions Required, Third Party Advisory x_refsource_misc
https://bugs.exim.org/show_bug.cgi?id=1591
Release Notes, Vendor Advisory x_refsource_confirm
https://www.pcre.org/original/changelog.txt
Third Party Advisory x_refsource_misc
https://fortiguard.com/zeroday/FG-VD-15-015
Scores
CVSS v3
7.8
EPSS
0.0047
EPSS Percentile
64.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
CWE-787
Status
published
Products (5)
mariadb/mariadb
< 10.0.18
opensuse/opensuse
13.1
opensuse/opensuse
13.2
pcre/pcre
< 8.37
php/php
5.4.0 - 5.4.41
Published
Jan 14, 2020
Tracked Since
Feb 18, 2026