CVE-2016-3191

CRITICAL

PCRE < 8.39 and PCRE2 < 10.22 - Stack-Based Buffer Overflow via (*ACCEPT) Pattern Handling

Title source: llm
STIX 2.1

Description

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/84810
Various Sources x_refsource_confirm
http://vcs.pcre.org/pcre2?view=revision&revision=489
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1132
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1025.html
Issue Tracking x_refsource_confirm
https://bugs.debian.org/815921
Issue Tracking x_refsource_confirm
https://bugs.debian.org/815920
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Exploit x_refsource_confirm
https://bugs.exim.org/show_bug.cgi?id=1791
Various Sources x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa128
Various Sources x_refsource_confirm
http://vcs.pcre.org/pcre?view=revision&revision=1631
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2016-18

Scores

CVSS v3 9.8
EPSS 0.0843
EPSS Percentile 94.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (19)
pcre/pcre 8.00
pcre/pcre 8.01
pcre/pcre 8.02
pcre/pcre 8.10
pcre/pcre 8.11
pcre/pcre 8.12
pcre/pcre 8.13
pcre/pcre 8.20
pcre/pcre 8.21
pcre/pcre 8.30
... and 9 more
Published Mar 17, 2016
Tracked Since Feb 18, 2026