Unrated severityNVD Advisory· Published Dec 16, 2014· Updated May 6, 2026

CVE-2014-8964

Description

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

Affected products

MariaDB/MariaDB
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Range: >=10.0.0,<10.0.18
Pcre/Pcre
cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
Range: <=8.36
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Oracle Corporation/Solaris
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus5 versions
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus4 versions
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Tus3 versions
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

advisories.mageia.org/MGASA-2014-0534.htmlnvdThird Party Advisory
bugs.exim.org/show_bug.cginvdIssue TrackingPermissions RequiredThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2015-05/msg00014.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-0330.htmlnvdThird Party Advisory
www.openwall.com/lists/oss-security/2014/11/21/6nvdMailing ListThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvdThird Party Advisory
www.securityfocus.com/bid/71206nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
security.gentoo.org/glsa/201607-02nvdThird Party Advisory
www.exim.org/viewvc/pcrenvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000