Amazon Linux AMI : glib2 (ALAS-2023-1775)

The version of glib2 installed on the remote host is prior to 2.36.3-5.26. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1775 advisory. Heap-based buffer overflow in the findfixedlength function in pcrecompile.c in PCRE before 8.38 allows remote attackers t...

Amazon Linux 2 : glib2 (ALAS-2023-2107)

The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2107 advisory. PCRE before 8.38 mishandles the : and \ substrings in character classes, which allows remote attackers to cause a denial of...

SUSE CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2019-2486)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

pcre: Buffer overflow caused by duplicate named references (8.38/36)

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...

Fedora 23 : pcre-8.38-1.fc23 (2015-994f0b3021)

This release fixes various bugs when compiling or matching expressions. It also fixes how pcregrep handles binary files. It also fixes a heap-based buffer overflow in pcreexec when ovector has size 1 bug 1285415 Note that Tenable Network Security has extracted the preceding description block...

[SECURITY] Fedora 22 Update: mingw-pcre-8.38-1.fc22

Cross compiled Perl-compatible regular expression library for use with ming w32. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regula...

pcre: Security update (18 CVEs)

The pcre package has been rebuilt and was uploaded to the Chaos Calmer 15.05 repository due to multiple security issues. VERSION 8.37-2 = 8.38-1 CHANGELOG Mon, 25 Jan 2016 14:08:12 +0100 560cb22 fixes: CVE 2015-2327 CVE 2015-2328 CVE 2015-8380 CVE 2015-8381 CVE 2015-8382 CVE 2015-8383 CVE 2015-83...

PCRE Denial of Service Vulnerability (CNVD-2016-00094)

PCRE is a software developer Philip Hazel developed by the use of C language written in open source regular expression library . A security vulnerability exists in the 'pcrecompile2' function in the pcrecompile.c file in PCRE version 8.38. A remote attacker can exploit this vulnerability to cause...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

CVE-2016-1283

CVE-2016-1283 affects PCRE 8.38; the vulnerable pattern handling in pcre_compile2 can cause a heap-based buffer overflow, enabling DoS via crafted regex (demonstrated via a JavaScript RegExp in Konqueror). Connected advisories show multiple distributions releasing fixes for PHP/PCRE via updated P...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

CVE-2015-8395

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...

DEBIAN-CVE-2015-8395

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...

CVE-2015-8393

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client...

CVE-2015-8392

PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

CVE-2015-8391

The pcrecompile function in pcrecompile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...