Unrated severityNVD Advisory· Published Dec 2, 2015· Updated May 6, 2026

CVE-2015-8388

Description

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vcs.pcre.org/pcre/code/trunk/ChangeLognvdRelease NotesVendor Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www.openwall.com/lists/oss-security/2015/11/29/1nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvdThird Party Advisory
www.securityfocus.com/bid/85576nvdThird Party AdvisoryVDB Entry
bto.bluecoat.com/security-advisory/sa128nvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-1025.htmlnvd
rhn.redhat.com/errata/RHSA-2016-2750.htmlnvd
access.redhat.com/errata/RHSA-2016:1132nvd
security.gentoo.org/glsa/201607-02nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000