{"id":"CVE-2016-3191","details":"The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.","modified":"2026-05-15T12:01:24.102922127Z","published":"2016-03-17T23:59:01.447Z","related":["SUSE-SU-2016:2971-1","SUSE-SU-2016:3161-1","SUSE-SU-2017:2699-1","SUSE-SU-2017:2700-1","openSUSE-SU-2024:10277-1","openSUSE-SU-2024:10447-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"pcre:pcre","cpes":["cpe:2.3:a:pcre:pcre:8.00:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.01:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.02:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.10:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.11:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.12:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.13:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.20:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.21:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.30:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.31:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.32:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.33:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*","cpe:2.3:a:pcre:pcre:8.38:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.00"},{"last_affected":"8.01"},{"last_affected":"8.02"},{"last_affected":"8.10"},{"last_affected":"8.11"},{"last_affected":"8.12"},{"last_affected":"8.13"},{"last_affected":"8.20"},{"last_affected":"8.21"},{"last_affected":"8.30"},{"last_affected":"8.31"},{"last_affected":"8.32"},{"last_affected":"8.33"},{"last_affected":"8.34"},{"last_affected":"8.35"},{"last_affected":"8.36"},{"last_affected":"8.37"},{"last_affected":"8.38"}]}]},"references":[{"type":"WEB","url":"http://vcs.pcre.org/pcre2?view=revision&revision=489"},{"type":"WEB","url":"http://vcs.pcre.org/pcre?view=revision&revision=1631"},{"type":"WEB","url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/84810"},{"type":"WEB","url":"https://bugs.debian.org/815920"},{"type":"WEB","url":"https://bugs.debian.org/815921"},{"type":"WEB","url":"https://www.tenable.com/security/tns-2016-18"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1025.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"type":"ADVISORY","url":"https://bto.bluecoat.com/security-advisory/sa128"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311503"},{"type":"EVIDENCE","url":"https://bugs.exim.org/show_bug.cgi?id=1791"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}