Heap-based buffer overflow in the findfixedlength function in pcrecompile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "libpcre3" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "libpcre3-dbg" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "libpcre3-dbgsym" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "libpcre3-dev" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "libpcre3-dev-dbgsym" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "libpcre3-udeb" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "libpcre3-udeb-dbgsym" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "libpcrecpp0" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "libpcrecpp0-dbgsym" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "pcregrep" }, { "binary_version": "1:8.31-2ubuntu2.1", "binary_name": "pcregrep-dbgsym" } ] }