CVE-2015-8390

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

PCRE en versiones anteriores a 8.38 no maneja correctamente las subcadenas [: and \\ en clases carácter, lo que permite a atacantes remotos causar una denegación de servicio (lectura de memoria no inicializada) o posiblemente tener otro impacto no especificado a través de una expresión regular manipulada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror.