CVEs-PoC/2015/CVE-2015-8380.md at ef21a24366f7bbc1220842143b6857a7549ce607

mirror of https://github.com/0xMarcio/cve.git synced 2026-03-27 00:50:19 +01:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

POC

Reference

https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/bygregonline/devsec-fastapi-report
https://github.com/marklogic/marklogic-docker
https://github.com/marklogic/marklogic-kubernetes
https://github.com/mrash/afl-cve

1.0 KiB Raw Blame History

CVE-2015-8380

Description

POC

Reference

Github

1.0 KiB

Raw Blame History