15 matches found
Out-of-bounds
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...
Out-of-bounds
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large...
CVE-2015-2326
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...
CVE-2015-3217
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...
pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^?P=B?P=B?J:?Pc?Pa?P=BWGXCREDITS/, a different vulnerability than CVE-2015-8384...
Fedora 22 : pcre-8.37-7.fc22 (2015-afafa29551)
This release fixes CVE-2015-8380, a heap-based buffer overflow in pcre_exec when ovector has size 1. ---- This release fixes a crash when compiling an expression with long MARK or THEN names. It also fixes compiling a POSIX character class followed by a single ASCII character in a class item while...
Fedora 22 : pcre-8.37-4.fc22 (2015-14235)
This release fixes a heap overflow when compiling certain regular expressions with named references. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
[SECURITY] Fedora 22 Update: pcre-8.37-4.fc22
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
[SECURITY] Fedora 23 Update: pcre-8.37-4.fc23
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
Fedora 22 : pcre-8.37-3.fc22 (2015-12921)
This release fixes buffer overflows when compiling certain expressions. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
[SECURITY] Fedora 22 Update: pcre-8.37-3.fc22
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
[SECURITY] Fedora 22 Update: pcre-8.37-2.fc22
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
pcre: buffer overflow
Several buffer overflows have been found in pcre = 8.37. By compiling a crafted regular expression, it is possible to write more than the expected size into various buffers, allowing arbitrary code execution...
PT-2015-6097 · Pcre +3 · Pcre2 +4
Name of the Vulnerable Software and Affected Versions: PCRE versions 8.34 through 8.37 PCRE2 version 10.10 Description: A heap-based buffer overflow issue allows remote attackers to execute arbitrary code via a crafted regular expression. Recommendations: For PCRE versions 8.34 through 8.37, upda...
openSUSE Security Update : pcre (openSUSE-2015-353)
The regular expression library pcre was updated to 8.37 to fix three security issues and a number of bugs and correctness issues. The following vulnerabilities were fixed: - CVE-2015-2325: Specially crafted regular expressions could have caused a heap buffer overflow in compile_branch, potentially...