Vulnerability Description
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pcre | Pcre | <= 8.36 |
| Mariadb | Mariadb | >= 10.0.0, < 10.0.18 |
| Fedoraproject | Fedora | 19 |
| Opensuse | Opensuse | 13.1 |
| Oracle | Solaris | 11.2 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 7.3 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.3 |
| Redhat | Enterprise Linux Server Tus | 7.3 |
| Redhat | Enterprise Linux Workstation | 7.0 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2014-0534.htmlThird Party Advisory
- http://bugs.exim.org/show_bug.cgi?id=1546Issue TrackingPermissions RequiredThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.hMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.htMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.htMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.htMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.htmlMailing ListThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0330.htmlThird Party Advisory
- http://www.exim.org/viewvc/pcre?view=revision&revision=1513Broken Link
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:002Broken Link
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:137Broken Link
- http://www.openwall.com/lists/oss-security/2014/11/21/6Mailing ListThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
- http://www.securityfocus.com/bid/71206Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1166147Issue TrackingThird Party Advisory
FAQ
What is CVE-2014-8964?
CVE-2014-8964 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assert...
How severe is CVE-2014-8964?
CVE-2014-8964 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8964?
Check the references section above for vendor advisories and patch information. Affected products include: Pcre Pcre, Mariadb Mariadb, Fedoraproject Fedora, Opensuse Opensuse, Oracle Solaris.