2015-12-02 01:00:00
mitre
PUBLISHED
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?R)(kR)|((?R)))HRkRf)|s(?R))))/ and /(?J:(?|(:(?|(?R)(z(?|(?R)(kR)|((?R)))kR)|((?R)))HAkRf)|s(?R)))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.