{
   "document": {
      "category": "csaf_security_advisory",
      "csaf_version": "2.0",
      "distribution": {
         "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
         }
      },
      "lang": "en",
      "notes": [
         {
            "category": "description",
            "text": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.",
            "title": "Vulnerability Description"
         }
      ],
      "publisher": {
         "category": "other",
         "contact_details": "gdt@cpan.org",
         "name": "giterlizzi",
         "namespace": "https://github.com/giterlizzi/"
      },
      "references": [
         {
            "category": "self",
            "summary": "CPANSA-Perl6-Pugs-2015-8382-libpcre JSON",
            "url": "https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2015/cpansa-perl6-pugs-2015-8382-libpcre.json"
         },
         {
            "category": "external",
            "summary": "https://bugs.exim.org/show_bug.cgi?id=1537",
            "url": "https://bugs.exim.org/show_bug.cgi?id=1537"
         },
         {
            "category": "external",
            "summary": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
            "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
         },
         {
            "category": "external",
            "summary": "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510",
            "url": "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510"
         },
         {
            "category": "external",
            "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=1187225",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187225"
         },
         {
            "category": "external",
            "summary": "http://www.openwall.com/lists/oss-security/2015/08/04/3",
            "url": "http://www.openwall.com/lists/oss-security/2015/08/04/3"
         },
         {
            "category": "external",
            "summary": "http://www.openwall.com/lists/oss-security/2015/11/29/1",
            "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
         },
         {
            "category": "external",
            "summary": "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834",
            "url": "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834"
         },
         {
            "category": "external",
            "summary": "http://www.securityfocus.com/bid/76157",
            "url": "http://www.securityfocus.com/bid/76157"
         },
         {
            "category": "external",
            "summary": "https://bto.bluecoat.com/security-advisory/sa128",
            "url": "https://bto.bluecoat.com/security-advisory/sa128"
         },
         {
            "category": "external",
            "summary": "CVE-2015-8382 (NVD)",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8382"
         }
      ],
      "title": "Perl6-Pugs vulnerability",
      "tracking": {
         "current_release_date": "2015-12-02T00:00:00",
         "generator": {
            "engine": {
               "name": "CSAF Perl Toolkit",
               "version": "0.26"
            }
         },
         "id": "CPANSA-Perl6-Pugs-2015-8382-libpcre",
         "initial_release_date": "2015-12-02T00:00:00",
         "revision_history": [
            {
               "date": "2015-12-02T00:00:00",
               "number": "1",
               "summary": "First release"
            }
         ],
         "status": "final",
         "version": "1"
      }
   },
   "product_tree": {
      "branches": [
         {
            "branches": [
               {
                  "category": "product_version_range",
                  "name": "vers:cpan/>=6.0.12|<=6.2.9",
                  "product": {
                     "name": "Perl6-Pugs greater than or equal 6.0.12 and less than or equal 6.2.9",
                     "product_id": "CSAFPID-0001",
                     "product_identification_helper": {
                        "purl": "pkg:cpan/Perl6-Pugs"
                     }
                  }
               }
            ],
            "category": "product_name",
            "name": "Perl6-Pugs"
         }
      ]
   },
   "vulnerabilities": [
      {
         "cve": "CVE-2015-8382",
         "cwe": {
            "id": "CWE-119",
            "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
         },
         "notes": [
            {
               "category": "description",
               "text": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.",
               "title": "Vulnerability Description"
            }
         ],
         "product_status": {
            "known_affected": [
               "CSAFPID-0001"
            ]
         },
         "scores": [
            {
               "cvss_v2": {
                  "baseScore": 6.4,
                  "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
                  "version": "2.0"
               },
               "products": [
                  "CSAFPID-0001"
               ]
            }
         ]
      }
   ]
}