CVE-2016-3191
CRITICALPCRE < 8.39 and PCRE2 < 10.22 - Stack-Based Buffer Overflow via (*ACCEPT) Pattern Handling
Title source: llmDescription
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/84810
Various Sources x_refsource_confirm
http://vcs.pcre.org/pcre2?view=revision&revision=489
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1132
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1025.html
Issue Tracking x_refsource_confirm
https://bugs.debian.org/815921
Issue Tracking x_refsource_confirm
https://bugs.debian.org/815920
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Exploit x_refsource_confirm
https://bugs.exim.org/show_bug.cgi?id=1791
Various Sources x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa128
Various Sources x_refsource_confirm
http://vcs.pcre.org/pcre?view=revision&revision=1631
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2016-18
Scores
CVSS v3
9.8
EPSS
0.0843
EPSS Percentile
94.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (19)
pcre/pcre
8.00
pcre/pcre
8.01
pcre/pcre
8.02
pcre/pcre
8.10
pcre/pcre
8.11
pcre/pcre
8.12
pcre/pcre
8.13
pcre/pcre
8.20
pcre/pcre
8.21
pcre/pcre
8.30
... and 9 more
Published
Mar 17, 2016
Tracked Since
Feb 18, 2026