{"id":"CVE-2015-8380","details":"The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","modified":"2026-01-27T04:15:13.174856Z","published":"2015-12-02T01:59:03Z","withdrawn":"2026-01-27T04:15:13.174856Z","related":["SUSE-SU-2016:2971-1","SUSE-SU-2016:3161-1","SUSE-SU-2017:2699-1","SUSE-SU-2017:2700-1"],"references":[{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/77695"},{"type":"ADVISORY","url":"https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html"},{"type":"ADVISORY","url":"https://bto.bluecoat.com/security-advisory/sa128"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201607-02"},{"type":"EVIDENCE","url":"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2015/11/29/1"},{"type":"EVIDENCE","url":"https://bugs.exim.org/show_bug.cgi?id=1637"}],"schema_version":"1.7.3"}