{ "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-3191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "84810", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84810" }, { "name": "http://vcs.pcre.org/pcre2?view=revision&revision=489", "refsource": "CONFIRM", "url": "http://vcs.pcre.org/pcre2?view=revision&revision=489" }, { "name": "RHSA-2016:1132", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886" }, { "name": "RHSA-2016:1025", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html" }, { "name": "https://bugs.debian.org/815921", "refsource": "CONFIRM", "url": "https://bugs.debian.org/815921" }, { "name": "https://bugs.debian.org/815920", "refsource": "CONFIRM", "url": "https://bugs.debian.org/815920" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503" }, { "name": "https://bugs.exim.org/show_bug.cgi?id=1791", "refsource": "CONFIRM", "url": "https://bugs.exim.org/show_bug.cgi?id=1791" }, { "name": "https://www.tenable.com/security/tns-2016-18", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2016-18" }, { "name": "https://bto.bluecoat.com/security-advisory/sa128", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa128" }, { "name": "http://vcs.pcre.org/pcre?view=revision&revision=1631", "refsource": "CONFIRM", "url": "http://vcs.pcre.org/pcre?view=revision&revision=1631" } ] } }