Skip to main content

Perl Compatible Regular Expression Library CVE-2015-8393

HIGH
Information Exposure (CWE-200)
2015-12-02 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 02, 2015 - 01:59 cve.org
HIGH 7.5

DescriptionCVE.org

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

AnalysisAI

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. Affected products include: Pcre Perl Compatible Regular Expression Library, Fedoraproject Fedora, Php. Version information: before 8.38.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2015-8381 HIGH POC
7.5 Dec 02

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles th

CVE-2015-2327 HIGH POC
7.5 Dec 02

PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive bac

CVE-2015-8380 HIGH POC
7.5 Dec 02

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote

CVE-2015-8386 CRITICAL
9.8 Dec 02

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows re

CVE-2015-8382 MEDIUM POC
6.4 Dec 02

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcde

CVE-2015-8390 CRITICAL
9.8 Dec 02

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a deni

CVE-2015-8389 CRITICAL
9.8 Dec 02

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a d

CVE-2015-8383 CRITICAL
9.8 Dec 02

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of serv

CVE-2015-8394 CRITICAL
9.8 Dec 02

PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a deni

CVE-2015-8385 HIGH
7.5 Dec 02

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, whi

CVE-2015-8392 HIGH
7.5 Dec 02

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of s

CVE-2015-8388 HIGH
7.5 Dec 02

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parent

Share

CVE-2015-8393 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy