CVE-2016-9643 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-9643 Interim 1 22 2023-02-10T02:27:45Z current 2021-05-30T13:48:10Z 2023-02-10T02:27:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-9643 The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 12 SP2 libQtWebKit4 libQtWebKit4-32bit libjavascriptcoregtk-3_0-0 libwebkitgtk-3_0-0 libwebkitgtk3-lang webkitgtk3 libQtWebKit4 as a component of SUSE Linux Enterprise Server 12 SP2 libQtWebKit4-32bit as a component of SUSE Linux Enterprise Server 12 SP2 libjavascriptcoregtk-3_0-0 as a component of SUSE Linux Enterprise Server 12 SP2 libwebkitgtk-3_0-0 as a component of SUSE Linux Enterprise Server 12 SP2 libwebkitgtk3-lang as a component of SUSE Linux Enterprise Server 12 SP2 webkitgtk3 as a component of SUSE Linux Enterprise Server 12 SP2 The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). CVE-2016-9643 SUSE Linux Enterprise Server 12 SP2:libQtWebKit4 SUSE Linux Enterprise Server 12 SP2:libQtWebKit4-32bit SUSE Linux Enterprise Server 12 SP2:libjavascriptcoregtk-3_0-0 SUSE Linux Enterprise Server 12 SP2:libwebkitgtk-3_0-0 SUSE Linux Enterprise Server 12 SP2:libwebkitgtk3-lang SUSE Linux Enterprise Server 12 SP2:webkitgtk3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H