PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "2:8.38-3", "binary_name": "libpcre16-3" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre16-3-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-dbg" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-dev" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-dev-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-udeb" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-udeb-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre32-3" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre32-3-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcrecpp0v5" }, { "binary_version": "2:8.38-3", "binary_name": "libpcrecpp0v5-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "pcregrep" }, { "binary_version": "2:8.38-3", "binary_name": "pcregrep-dbgsym" } ] }