Arch Linux Security Advisory ASA-201505-4 ========================================= Severity: Medium Date : 2015-05-08 CVE-ID : CVE-2014-8964 Package : mariadb-clients Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package mariadb-clients before version 10.0.18-1 is vulnerable to denial of service. Resolution ========== Upgrade to 10.0.18-1. # pacman -Syu "mariadb-clients>=10.0.18-1" The problems have been fixed upstream in version 10.0.18. Workaround ========== None. Description =========== A heap-based buffer overflow was found in the way PCRE handled certain malformed regular expressions. This issue could cause a crash while parsing malicious regular expressions related to an assertion that allows zero repeats. Impact ====== A remote attacker is able to cause an application crash leading to denial of service via malicious regular expressions. References ========== https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8964