High severity7.5NVD Advisory· Published Dec 13, 2016· Updated May 6, 2026

CVE-2015-3217

Description

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

Affected products

IBM/Powerkvm2 versions
cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*
Pcre/Pcre2
cpe:2.3:a:pcre:pcre2:10.10:*:*:*:*:*:*:*
Pcre/Pcre7 versions
cpe:2.3:a:pcre:pcre:7.8:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:pcre:pcre:7.8:*:*:*:*:*:*:*
- cpe:2.3:a:pcre:pcre:8.32:*:*:*:*:*:*:*
- cpe:2.3:a:pcre:pcre:8.33:*:*:*:*:*:*:*
- cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*
- cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*
- cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*
- cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vcs.pcre.org/pcrenvdPatch
bugs.exim.org/show_bug.cginvdExploitIssue TrackingVendor Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www.securityfocus.com/bid/75018nvdThird Party AdvisoryVDB Entry
www.openwall.com/lists/oss-security/2015/06/03/7nvdMailing List
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
rhn.redhat.com/errata/RHSA-2016-1025.htmlnvd
rhn.redhat.com/errata/RHSA-2016-2750.htmlnvd
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvd
access.redhat.com/errata/RHSA-2016:1132nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000