2016-01-03 00:00:00
mitre
PUBLISHED
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+"){99}-))(?J)(?R(?R<((?RR(?R){97)?J)?J)(?R(?R){99|(:(?|(?R)(kR)|((?R)))HRR)(HR))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.