Security Bulletin: IBM Netezza SQL Extensions is vulnerable to an OpenSource PCRE Vulnerability (CVE-2015-8380, CVE-2015-8382, CVE-2015-8391)

Vulnerability Details

CVEID: CVE-2015-8380

DESCRIPTION:
PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of a pattern with a \01 string by the pcre_exec function. By using a specially crafted regular expression, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVSS Base Score: 7.300
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/108467 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-8382

Description:
PCRE could allow a remote attacker to obtain sensitive information, caused by the mishandling of the pattern and related patterns involving (*ACCEPT) by the match function. An attacker could exploit this vulnerability using a specially crafted regular expression to obtain sensitive information or cause a denial of service.

CVSS Base Score: 6.500
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/108465 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2015-8391

Description: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of certain nesting by the pcre_compile function. An attacker could exploit this vulnerability using a specially crafted regular expression to execute arbitrary code on the system or cause a denial of service.

CVSS Base Score: 7.300
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/108456 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)