VYPR
Unrated severity · NVD Advisory · Published Aug 17, 2015 · Updated May 6, 2026

CVE-2015-3797

Description

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in the TRE library of Apple's Libc via crafted regular expression allows arbitrary code execution on iOS and OS X.

Vulnerability

The vulnerability resides in the TRE regular expression library within Libc in Apple iOS (before 8.4.1) and OS X (before 10.10.5). Processing a crafted regular expression can cause memory corruption in the regex engine, leading to arbitrary code execution or application crash [1][2].

Exploitation

A context-dependent attacker can exploit this vulnerability by providing a malicious regular expression to an application that uses the TRE library. No authentication is required, but the attacker must be able to submit the crafted regex (e.g., via a web page, email, or network service) to trigger the memory corruption.

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of the affected application or cause a denial of service through memory corruption and application crash. The impact includes full compromise of the application and potential escalation depending on the process's privileges.

Mitigation

Apple addressed this vulnerability in iOS 8.4.1 and in OS X Yosemite 10.10.5 and Security Update 2015-006, as documented in the security advisory pages [1][2]. Users should update their devices to the latest available operating system versions. No workarounds are publicly disclosed.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

6
