Denial of service in PCRE - CVE-2014-9769
Published: March 30, 2016 / Updated: October 11, 2022
Vulnerability identifier: #VU812
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-9769
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PCRE
Affected software:
PCRE
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to improper input validation during the compilation of malformed regular expressions with nested alternatives. By sending a specially crafted regular expression string to an application that uses the PCRE library, an attacker can cause the application to cease proper functionality.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
How to mitigate CVE-2014-9769
Install the update from the vendor's website.