Vulnerabilities > CVE-2015-8393 - Information Exposure vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
pcre
fedoraproject
php
CWE-200
nessus

Summary

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-F59A8FF5D0.NASL
    descriptionUpdate to 8.38 and fix various CVE
    last seen2020-06-05
    modified2016-03-04
    plugin id89641
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89641
    titleFedora 22 : mingw-pcre-8.38-1.fc22 (2016-f59a8ff5d0)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2016-f59a8ff5d0.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89641);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-3210", "CVE-2015-5073", "CVE-2015-8383", "CVE-2015-8384", "CVE-2015-8385", "CVE-2015-8386", "CVE-2015-8387", "CVE-2015-8388", "CVE-2015-8389", "CVE-2015-8390", "CVE-2015-8391", "CVE-2015-8392", "CVE-2015-8393", "CVE-2015-8394", "CVE-2015-8395");
      script_xref(name:"FEDORA", value:"2016-f59a8ff5d0");
    
      script_name(english:"Fedora 22 : mingw-pcre-8.38-1.fc22 (2016-f59a8ff5d0)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 8.38 and fix various CVE's
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1236660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1237225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1249905"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1250947"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1256453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287631"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287648"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287656"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287692"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287704"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287720"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177380.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?907fa31f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mingw-pcre package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-pcre");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC22", reference:"mingw-pcre-8.38-1.fc22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-pcre");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2486.NASL
    descriptionAccording to the version of the pcre packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.(CVE-2015-8393) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-04
    plugin id131639
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131639
    titleEulerOS 2.0 SP2 : pcre (EulerOS-SA-2019-2486)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131639);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2015-8393"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : pcre (EulerOS-SA-2019-2486)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the pcre packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerability :
    
      - pcregrep in PCRE before 8.38 mishandles the -q option
        for binary files, which might allow remote attackers to
        obtain sensitive information via a crafted file, as
        demonstrated by a CGI script that sends stdout data to
        a client.(CVE-2015-8393)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2486
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a3673840");
      script_set_attribute(attribute:"solution", value:
    "Update the affected pcre package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:pcre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:pcre-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["pcre-8.32-15.1.h4",
            "pcre-devel-8.32-15.1.h4"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1219.NASL
    descriptionAccording to the version of the pcre packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.(CVE-2015-8393) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134508
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134508
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : pcre (EulerOS-SA-2020-1219)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134508);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2015-8393"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : pcre (EulerOS-SA-2020-1219)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the pcre packages installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerability :
    
      - pcregrep in PCRE before 8.38 mishandles the -q option
        for binary files, which might allow remote attackers to
        obtain sensitive information via a crafted file, as
        demonstrated by a CGI script that sends stdout data to
        a client.(CVE-2015-8393)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1219
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?17288835");
      script_set_attribute(attribute:"solution", value:
    "Update the affected pcre package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:pcre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:pcre-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["pcre-8.32-17.h10",
            "pcre-devel-8.32-17.h10"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2971-1.NASL
    descriptionThis update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed : - CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats (bsc#906574). - CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960). - CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex() (bsc#933288) - CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() (bsc#933878). - CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength() (bsc#936227). - bsc#942865: heap overflow in compile_regex() - CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a // pattern with a \01 string, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957566). - CVE-2015-2327: PCRE mishandled certain patterns with internal recursive back references, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957567). - bsc#957598: Various security issues - CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598). - CVE-2015-8382: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)(bsc#957598). - CVE-2015-8383: Buffer overflow caused by repeated conditional group(bsc#957598). - CVE-2015-8384: Buffer overflow caused by recursive back reference by name within certain group(bsc#957598). - CVE-2015-8385: Buffer overflow caused by forward reference by name to certain group(bsc#957598). - CVE-2015-8386: Buffer overflow caused by lookbehind assertion(bsc#957598). - CVE-2015-8387: Integer overflow in subroutine calls(bsc#957598). - CVE-2015-8388: Buffer overflow caused by certain patterns with an unmatched closing parenthesis(bsc#957598). - CVE-2015-8389: Infinite recursion in JIT compiler when processing certain patterns(bsc#957598). - CVE-2015-8390: Reading from uninitialized memory when processing certain patterns(bsc#957598). - CVE-2015-8391: Some pathological patterns causes pcre_compile() to run for a very long time(bsc#957598). - CVE-2015-8392: Buffer overflow caused by certain patterns with duplicated named groups(bsc#957598). - CVE-2015-8393: Information leak when running pcgrep -q on crafted binary(bsc#957598). - CVE-2015-8394: Integer overflow caused by missing check for certain conditions(bsc#957598). - CVE-2015-8395: Buffer overflow caused by certain references(bsc#957598). - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression (bsc#957600). - CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE mishandled certain patterns with named subgroups, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (bsc#960837). - CVE-2016-3191: The compile_branch function in pcre_compile.c in pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (bsc#971741). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95534
    published2016-12-05
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95534
    titleSUSE SLED12 / SLES12 Security Update : pcre (SUSE-SU-2016:2971-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2971-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95534);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2014-8964", "CVE-2015-2325", "CVE-2015-2327", "CVE-2015-2328", "CVE-2015-3210", "CVE-2015-3217", "CVE-2015-5073", "CVE-2015-8380", "CVE-2015-8381", "CVE-2015-8382", "CVE-2015-8383", "CVE-2015-8384", "CVE-2015-8385", "CVE-2015-8386", "CVE-2015-8387", "CVE-2015-8388", "CVE-2015-8389", "CVE-2015-8390", "CVE-2015-8391", "CVE-2015-8392", "CVE-2015-8393", "CVE-2015-8394", "CVE-2015-8395", "CVE-2016-1283", "CVE-2016-3191");
      script_bugtraq_id(71206, 74934, 75018, 75175, 75430);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : pcre (SUSE-SU-2016:2971-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for pcre to version 8.39 (bsc#972127) fixes several
    issues. If you use pcre extensively please be aware that this is an
    update to a new version. Please make sure that your software works
    with the updated version. This version fixes a number of
    vulnerabilities that affect pcre and applications using the libary
    when accepting untrusted input as regular expressions or as part
    thereof. Remote attackers could have caused the application to crash,
    disclose information or potentially execute arbitrary code. These
    security issues were fixed :
    
      - CVE-2014-8964: Heap-based buffer overflow in PCRE
        allowed remote attackers to cause a denial of service
        (crash) or have other unspecified impact via a crafted
        regular expression, related to an assertion that allows
        zero repeats (bsc#906574).
    
      - CVE-2015-2325: Heap buffer overflow in compile_branch()
        (bsc#924960).
    
      - CVE-2015-3210: Heap buffer overflow in pcre_compile2() /
        compile_regex() (bsc#933288)
    
      - CVE-2015-3217: PCRE Library Call Stack Overflow
        Vulnerability in match() (bsc#933878).
    
      - CVE-2015-5073: Library Heap Overflow Vulnerability in
        find_fixedlength() (bsc#936227).
    
      - bsc#942865: heap overflow in compile_regex()
    
      - CVE-2015-8380: The pcre_exec function in pcre_exec.c
        mishandled a // pattern with a \01 string, which allowed
        remote attackers to cause a denial of service
        (heap-based buffer overflow) or possibly have
        unspecified other impact via a crafted regular
        expression, as demonstrated by a JavaScript RegExp
        object encountered by Konqueror (bsc#957566).
    
      - CVE-2015-2327: PCRE mishandled certain patterns with
        internal recursive back references, which allowed remote
        attackers to cause a denial of service (segmentation
        fault) or possibly have unspecified other impact via a
        crafted regular expression, as demonstrated by a
        JavaScript RegExp object encountered by Konqueror
        (bsc#957567).
    
      - bsc#957598: Various security issues
    
      - CVE-2015-8381: Heap Overflow in compile_regex()
        (bsc#957598).
    
      - CVE-2015-8382: Regular Expression Uninitialized Pointer
        Information Disclosure Vulnerability
        (ZDI-CAN-2547)(bsc#957598).
    
      - CVE-2015-8383: Buffer overflow caused by repeated
        conditional group(bsc#957598).
    
      - CVE-2015-8384: Buffer overflow caused by recursive back
        reference by name within certain group(bsc#957598).
    
      - CVE-2015-8385: Buffer overflow caused by forward
        reference by name to certain group(bsc#957598).
    
      - CVE-2015-8386: Buffer overflow caused by lookbehind
        assertion(bsc#957598).
    
      - CVE-2015-8387: Integer overflow in subroutine
        calls(bsc#957598).
    
      - CVE-2015-8388: Buffer overflow caused by certain
        patterns with an unmatched closing
        parenthesis(bsc#957598).
    
      - CVE-2015-8389: Infinite recursion in JIT compiler when
        processing certain patterns(bsc#957598).
    
      - CVE-2015-8390: Reading from uninitialized memory when
        processing certain patterns(bsc#957598).
    
      - CVE-2015-8391: Some pathological patterns causes
        pcre_compile() to run for a very long time(bsc#957598).
    
      - CVE-2015-8392: Buffer overflow caused by certain
        patterns with duplicated named groups(bsc#957598).
    
      - CVE-2015-8393: Information leak when running pcgrep -q
        on crafted binary(bsc#957598).
    
      - CVE-2015-8394: Integer overflow caused by missing check
        for certain conditions(bsc#957598).
    
      - CVE-2015-8395: Buffer overflow caused by certain
        references(bsc#957598).
    
      - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/
        pattern and related patterns with certain recursion,
        which allowed remote attackers to cause a denial of
        service (segmentation fault) or possibly have
        unspecified other impact via a crafted regular
        expression (bsc#957600).
    
      - CVE-2016-1283: The pcre_compile2 function in
        pcre_compile.c in PCRE mishandled certain patterns with
        named subgroups, which allowed remote attackers to cause
        a denial of service (heap-based buffer overflow) or
        possibly have unspecified other impact via a crafted
        regular expression (bsc#960837).
    
      - CVE-2016-3191: The compile_branch function in
        pcre_compile.c in pcre2_compile.c mishandled patterns
        containing an (*ACCEPT) substring in conjunction with
        nested parentheses, which allowed remote attackers to
        execute arbitrary code or cause a denial of service
        (stack-based buffer overflow) via a crafted regular
        expression (bsc#971741).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=906574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924960"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=933288"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=933878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=936227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=942865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=957566"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=957567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=957598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=957600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=960837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=972127"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-8964/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2325/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2327/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2328/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3210/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3217/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5073/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8380/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8381/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8382/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8383/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8384/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8385/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8386/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8387/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8388/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8389/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8390/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8391/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8392/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8393/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8394/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8395/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1283/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3191/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162971-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d6d2422d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
    SUSE-SLE-WE-12-SP2-2016-1744=1
    
    SUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch
    SUSE-SLE-WE-12-SP1-2016-1744=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2016-1744=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2016-1744=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2016-1744=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2016-1744=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2016-1744=1
    
    SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch
    SUSE-SLE-HA-12-SP2-2016-1744=1
    
    SUSE Linux Enterprise High Availability 12-SP1:zypper in -t patch
    SUSE-SLE-HA-12-SP1-2016-1744=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2016-1744=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2016-1744=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpcre1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpcre1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpcre16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpcre16-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpcrecpp0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpcrecpp0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pcre-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1/2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpcre1-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpcre1-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpcre16-0-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpcre16-0-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"pcre-debugsource-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpcre1-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpcre1-debuginfo-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libpcre1-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libpcre1-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libpcre16-0-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libpcre16-0-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"pcre-debugsource-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libpcre1-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libpcre1-debuginfo-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcre1-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcre1-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcre1-debuginfo-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcre1-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcre16-0-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcre16-0-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcrecpp0-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcrecpp0-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcrecpp0-debuginfo-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpcrecpp0-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"pcre-debugsource-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcre1-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcre1-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcre1-debuginfo-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcre1-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcre16-0-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcre16-0-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcrecpp0-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcrecpp0-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcrecpp0-debuginfo-32bit-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libpcrecpp0-debuginfo-8.39-5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"pcre-debugsource-8.39-5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_85EB4E46CF1611E5840F485D605F4717.NASL
    descriptionPHP reports : - Core : - Fixed bug #71039 (exec functions ignore length but look for NULL termination). - Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input). - Fixed bug #71459 (Integer overflow in iptcembed()). - PCRE : - Upgraded bundled PCRE library to 8.38.(CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394) - Phar : - Fixed bug #71354 (Heap corruption in tar/zip/phar parser). - Fixed bug #71391 (NULL pointer Dereference in phar_tar_setupmetadata()). - Fixed bug #71488 (Stack overflow when decompressing tar archives). (CVE-2016-2554) - WDDX : - Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).
    last seen2020-06-01
    modified2020-06-02
    plugin id88671
    published2016-02-10
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88671
    titleFreeBSD : php -- multiple vulnerabilities (85eb4e46-cf16-11e5-840f-485d605f4717)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3161-1.NASL
    descriptionThis update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed : - CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats (bsc#906574). - CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960). - CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex() (bsc#933288) - CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() (bsc#933878). - CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength() (bsc#936227). - bsc#942865: heap overflow in compile_regex() - CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a // pattern with a \01 string, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957566). - CVE-2015-2327: PCRE mishandled certain patterns with internal recursive back references, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957567). - bsc#957598: Various security issues - CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598). - CVE-2015-8382: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)(bsc#957598). - CVE-2015-8383: Buffer overflow caused by repeated conditional group(bsc#957598). - CVE-2015-8384: Buffer overflow caused by recursive back reference by name within certain group(bsc#957598). - CVE-2015-8385: Buffer overflow caused by forward reference by name to certain group(bsc#957598). - CVE-2015-8386: Buffer overflow caused by lookbehind assertion(bsc#957598). - CVE-2015-8387: Integer overflow in subroutine calls(bsc#957598). - CVE-2015-8388: Buffer overflow caused by certain patterns with an unmatched closing parenthesis(bsc#957598). - CVE-2015-8389: Infinite recursion in JIT compiler when processing certain patterns(bsc#957598). - CVE-2015-8390: Reading from uninitialized memory when processing certain patterns(bsc#957598). - CVE-2015-8391: Some pathological patterns causes pcre_compile() to run for a very long time(bsc#957598). - CVE-2015-8392: Buffer overflow caused by certain patterns with duplicated named groups(bsc#957598). - CVE-2015-8393: Information leak when running pcgrep -q on crafted binary(bsc#957598). - CVE-2015-8394: Integer overflow caused by missing check for certain conditions(bsc#957598). - CVE-2015-8395: Buffer overflow caused by certain references(bsc#957598). - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression (bsc#957600). - CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE mishandled certain patterns with named subgroups, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (bsc#960837). - CVE-2016-3191: The compile_branch function in pcre_compile.c in pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (bsc#971741). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95915
    published2016-12-16
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95915
    titleSUSE SLED12 / SLES12 Security Update : pcre (SUSE-SU-2016:3161-1)
  • NASL familyCGI abuses
    NASL idPHP_5_6_18.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.18. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions (PCRE) library is affected by multiple vulnerabilities related to the handling of regular expressions, subroutine calls, and binary files. A remote attacker can exploit these to cause a denial of service, obtain sensitive information, or have other unspecified impact. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394) - A flaw exists in file ext/standard/exec.c in the escapeshellcmd() and escapeshellarg() functions due to the program truncating NULL bytes in strings. A remote attacker can exploit this to bypass restrictions. - A flaw exists in file ext/standard/streamsfuncs.c in the stream_get_meta_data() function due to a failure to restrict writing user-supplied data to fields not already set. A remote attacker can exploit this to falsify the output of the function, resulting in the insertion of malicious metadata. - A type confusion error exists in file ext/wddx/wddx.c in the php_wddx_pop_element() function when deserializing WDDX packets. A remote attacker can exploit this to have an unspecified impact. - A flaw exists in file ext/phar/phar_object.c in the PharFileInfo::getContent() method due to the use of uninitialized memory causing improper validation of user-supplied input. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. - A NULL pointer dereference flaw exists in file ext/phar/tar.c in the phar_tar_setupmetadata() function when parsing metadata from a crafted TAR file. A remote attacker can exploit this to cause a denial of service. - An integer overflow condition exists in file ext/standard/iptc.c in the iptcembed() function due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. - An overflow condition exists in file ext/phar/tar.c in the phar_parse_tarfile() function due to improper validation of user-supplied input when decompressing TAR files. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-2554) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-03-21
    modified2016-02-11
    plugin id88694
    published2016-02-11
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88694
    titlePHP 5.6.x < 5.6.18 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1485.NASL
    descriptionAccording to the version of the pcre packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.(CVE-2015-8393) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-16
    plugin id135647
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135647
    titleEulerOS Virtualization 3.0.2.2 : pcre (EulerOS-SA-2020-1485)
  • NASL familyMisc.
    NASL idSECURITYCENTER_PHP_5_6_18.NASL
    descriptionThe Tenable SecurityCenter application installed on the remote host is either prior to version 5.3.0 or is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the Perl-Compatible Regular Expressions (PCRE) library bundled with PHP : - An overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling repeated conditional groups. An attacker can exploit this, via a specially crafted regular expression, to cause a buffer overflow, resulting in a denial of service condition. (CVE-2015-8383) - An overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling mutual recursions within a
    last seen2020-06-01
    modified2020-06-02
    plugin id93343
    published2016-09-06
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93343
    titleTenable SecurityCenter < 5.3.0 Multiple Vulnerabilities (TNS-2016-04)
  • NASL familyCGI abuses
    NASL idPHP_7_0_3.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.3. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions (PCRE) library is affected by multiple vulnerabilities related to the handling of regular expressions, subroutine calls, and binary files. A remote attacker can exploit these to cause a denial of service, obtain sensitive information, or have other unspecified impact. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394) - A flaw exists in file ext/standard/exec.c in the escapeshellcmd() and escapeshellarg() functions due to the program truncating NULL bytes in strings. A remote attacker can exploit this to bypass restrictions. - A flaw exists in file ext/standard/streamsfuncs.c in the stream_get_meta_data() function due to a failure to restrict writing user-supplied data to fields not already set. A remote attacker can exploit this to falsify the output of the function, resulting in the insertion of malicious metadata. - A type confusion error exists in file ext/wddx/wddx.c in the php_wddx_pop_element() function when deserializing WDDX packets. A remote attacker can exploit this to have an unspecified impact. - A flaw exists in file ext/phar/phar_object.c in the PharFileInfo::getContent() method due to the use of uninitialized memory causing improper validation of user-supplied input. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. - A NULL pointer dereference flaw exists in file ext/phar/tar.c in the phar_tar_setupmetadata() function when parsing metadata from a crafted TAR file. A remote attacker can exploit this to cause a denial of service. - An integer overflow condition exists in file ext/standard/iptc.c in the iptcembed() function due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. - An overflow condition exists in file ext/phar/tar.c in the phar_parse_tarfile() function due to improper validation of user-supplied input when decompressing TAR files. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-2554) - An uninitialized pointer flaw exists in the phar_make_dirstream() function within file ext/phar/dirstream.c due to improper handling of ././@LongLink files. An unauthenticated, remote attacker can exploit this, via a specially crafted TAR file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4343) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id88695
    published2016-02-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88695
    titlePHP 7.0.x < 7.0.3 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201607-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201607-02 (libpcre: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in libpcre. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91983
    published2016-07-11
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91983
    titleGLSA-201607-02 : libpcre: Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2943-1.NASL
    descriptionIt was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90306
    published2016-04-01
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90306
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 : pcre3 vulnerabilities (USN-2943-1)
  • NASL familyCGI abuses
    NASL idPHP_5_5_32.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.32. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions (PCRE) library is affected by multiple vulnerabilities related to the handling of regular expressions, subroutine calls, and binary files. A remote attacker can exploit these to cause a denial of service, obtain sensitive information, or have other unspecified impact. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394) - A flaw exists in file ext/standard/exec.c in the escapeshellcmd() and escapeshellarg() functions due to the program truncating NULL bytes in strings. A remote attacker can exploit this to bypass restrictions. - A flaw exists in file ext/standard/streamsfuncs.c in the stream_get_meta_data() function due to a failure to restrict writing user-supplied data to fields not already set. A remote attacker can exploit this to falsify the output of the function, resulting in the insertion of malicious metadata. - A type confusion error exists in file ext/wddx/wddx.c in the php_wddx_pop_element() function when deserializing WDDX packets. A remote attacker can exploit this to have an unspecified impact. - A flaw exists in file ext/phar/phar_object.c in the PharFileInfo::getContent() method due to the use of uninitialized memory causing improper validation of user-supplied input. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. - A NULL pointer dereference flaw exists in file ext/phar/tar.c in the phar_tar_setupmetadata() function when parsing metadata from a crafted TAR file. A remote attacker can exploit this to cause a denial of service. - An integer overflow condition exists in file ext/standard/iptc.c in the iptcembed() function due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. - An overflow condition exists in file ext/phar/tar.c in the phar_parse_tarfile() function due to improper validation of user-supplied input when decompressing TAR files. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-2554) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id88693
    published2016-02-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88693
    titlePHP 5.5.x < 5.5.32 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2646.NASL
    descriptionAccording to the versions of the pcre packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.(CVE-2015-8393) - Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.(CVE-2017-7245) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132181
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132181
    titleEulerOS 2.0 SP3 : pcre (EulerOS-SA-2019-2646)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-EB896290D3.NASL
    descriptionThis release fixes these vulnerabilies: CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394. It also fixes compiling comments with auto-callouts, compiling expressions with negated classes in UCP mode, compiling expressions with an isolated \E between an item and its qualifier with auto-callouts, a crash in regexec() if REG_STARTEND option is set and pmatch argument is NULL, a stack overflow when formatting a 32-bit integer in pcregrep tool, compiling expressions with an empty \Q\E sequence between an item and its qualifier with auto-callouts, compiling expressions with global extended modifier that is disabled by local no-extended option at the start of the expression just after a whitespace, a possible crash in pcre_copy_named_substring() if a named substring has number greater than the space in the ovector, a buffer overflow when compiling an expression with named groups with a group that reset capture numbers, and a crash in pcre_get_substring_list() if the use of \K caused the start of the match to be earlier than the end. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89447
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89447
    titleFedora 22 : pcre-8.38-1.fc22 (2015-eb896290d3)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-FD1199DBE2.NASL
    descriptionUpdate to 8.38 and fix various CVE
    last seen2020-06-05
    modified2016-03-04
    plugin id89647
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89647
    titleFedora 23 : mingw-pcre-8.38-1.fc23 (2016-fd1199dbe2)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1448.NASL
    descriptionThis update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed : - CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats (bsc#906574). - CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960). - CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex() (bsc#933288) - CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() (bsc#933878). - CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength() (bsc#936227). - bsc#942865: heap overflow in compile_regex() - CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a // pattern with a \01 string, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957566). - CVE-2015-2327: PCRE mishandled certain patterns with internal recursive back references, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957567). - bsc#957598: Various security issues - CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598). - CVE-2015-8382: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)(bsc#957598). - CVE-2015-8383: Buffer overflow caused by repeated conditional group(bsc#957598). - CVE-2015-8384: Buffer overflow caused by recursive back reference by name within certain group(bsc#957598). - CVE-2015-8385: Buffer overflow caused by forward reference by name to certain group(bsc#957598). - CVE-2015-8386: Buffer overflow caused by lookbehind assertion(bsc#957598). - CVE-2015-8387: Integer overflow in subroutine calls(bsc#957598). - CVE-2015-8388: Buffer overflow caused by certain patterns with an unmatched closing parenthesis(bsc#957598). - CVE-2015-8389: Infinite recursion in JIT compiler when processing certain patterns(bsc#957598). - CVE-2015-8390: Reading from uninitialized memory when processing certain patterns(bsc#957598). - CVE-2015-8391: Some pathological patterns causes pcre_compile() to run for a very long time(bsc#957598). - CVE-2015-8392: Buffer overflow caused by certain patterns with duplicated named groups(bsc#957598). - CVE-2015-8393: Information leak when running pcgrep -q on crafted binary(bsc#957598). - CVE-2015-8394: Integer overflow caused by missing check for certain conditions(bsc#957598). - CVE-2015-8395: Buffer overflow caused by certain references(bsc#957598). - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression (bsc#957600). - CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE mishandled certain patterns with named subgroups, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (bsc#960837). - CVE-2016-3191: The compile_branch function in pcre_compile.c in pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (bsc#971741). These non-security issues were fixed : - JIT compiler improvements - performance improvements - The Unicode data tables have been updated to Unicode 7.0.0. This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2016-12-13
    plugin id95754
    published2016-12-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95754
    titleopenSUSE Security Update : pcre (openSUSE-2016-1448)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL05428062.NASL
    descriptionpcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. (CVE-2015-8393)
    last seen2020-03-17
    modified2016-10-28
    plugin id94345
    published2016-10-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94345
    titleF5 Networks BIG-IP : pcregrep in PCRE vulnerability (K05428062)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2180.NASL
    descriptionAccording to the version of the pcre packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.(CVE-2015-8393) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130642
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130642
    titleEulerOS 2.0 SP5 : pcre (EulerOS-SA-2019-2180)