957567 – (CVE-2015-2327) VUL-0: CVE-2015-2327: pcre: mishandling of patterns with backreferences

Bug 957567 (CVE-2015-2327) - VUL-0: CVE-2015-2327: pcre: mishandling of patterns with backreferences

Summary: VUL-0: CVE-2015-2327: pcre: mishandling of patterns with backreferences

Status:	RESOLVED FIXED

Alias:	CVE-2015-2327

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/159343/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-12-02 12:35 UTC by Marcus Meissner
Modified:	2020-04-30 13:32 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
POC (25 bytes, text/x-ms-regedit) 2020-04-30 13:32 UTC, Alexandros Toptsoglou	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-12-02 12:35:12 UTC

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2327

PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

https://bugs.exim.org/show_bug.cgi?id=1503

Comment 1 Swamp Workflow Management 2015-12-02 23:00:38 UTC

bugbot adjusting priority

Comment 3 Swamp Workflow Management 2016-12-02 15:09:19 UTC

SUSE-SU-2016:2971-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127
CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Server 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Server 12-SP1 (src):    pcre-8.39-5.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise High Availability 12-SP1 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    pcre-8.39-5.1

Comment 4 Swamp Workflow Management 2016-12-12 18:13:04 UTC

openSUSE-SU-2016:3099-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127
CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191
Sources used:
openSUSE Leap 42.2 (src):    pcre-8.39-6.1
openSUSE Leap 42.1 (src):    pcre-8.39-5.1

Comment 5 Swamp Workflow Management 2016-12-15 15:09:08 UTC

SUSE-SU-2016:3161-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127
CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server for SAP 12 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server 12-SP1 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server 12-LTSS (src):    pcre-8.39-7.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise High Availability 12-SP1 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    pcre-8.39-7.1

Comment 6 Stephan Kulow 2017-05-24 17:53:15 UTC

Looks done to me, but evaluate yourself - I have no intent to work on this

Comment 7 Alexandros Toptsoglou 2020-04-30 13:32:32 UTC

SLE11 seems not affected the POC does not produce any overflow. closing

Comment 8 Alexandros Toptsoglou 2020-04-30 13:32:45 UTC

Created attachment 837197 [details]
POC