suse · CVE-2015-2325

Quick triage

Priority: medium Published: 2021-05-30 13:28:23 UTC Updated: 2026-04-18 18:23:08 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-2325 severity moderate: SUSE including 861 source package names (0.9.1:libpcre1-8.39-7.1, 1.0.0:libpcre1-8.39-7.1, …), 1149 product×package rows across 110 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (110 product lines)): Fixed 915, Known Affected 157, Known Not Affected 77.

Description:

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

cvelogic Threat Intelligence