CVE-2015-8385

Description

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

How to fix CVE-2015-8385

To remediate CVE-2015-8385, upgrade the affected package to a fixed version below.

• Debian/pcre3—upgrade to 2:8.38-1 or later

Is CVE-2015-8385 being exploited?

Moderate — EPSS is 5.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 2:8.38-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-8385