CVE-2015-3210
9.8
CRITICAL
CVSS 3.1
EPSS 5.7%
Description
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
How to fix CVE-2015-3210
To remediate CVE-2015-3210, upgrade the affected package to a fixed version below.
- Debian/pcre3—upgrade to 2:8.35-7.2 or later
Is CVE-2015-3210 being exploited?
Moderate — EPSS is 5.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2:8.35-7.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |