107 matches found
UBUNTU-CVE-2015-8383
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...
UBUNTU-CVE-2015-8392
PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...
UBUNTU-CVE-2015-8385
PCRE before 8.38 mishandles the /?|\k'Pm'|?'Pm'/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...
UBUNTU-CVE-2015-8394
PCRE before 8.38 mishandles the ? and ?R conditions, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...
PT-2015-7793 · Philip Hazel +2 · Pcre +2
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue concerns the mishandling of the -q option for binary files by pcregrep in PCRE, potentially allowing remote attackers to obtain sensitive information via a crafted file. This could be exploit...
PT-2015-7790 · Pcre +4 · Pcre +4
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue allows remote attackers to cause a denial of service infinite recursion or possibly have unspecified other impact via a crafted regular expression, such as the /?:|a|100x/ pattern and related...
PT-2015-7784 · Philip Hazel +2 · Pcre +2
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue concerns the mishandling of certain repeated conditional groups in regular expressions, which can be exploited by remote attackers to cause a denial of service buffer overflow or possibly hav...
UBUNTU-CVE-2015-8388
PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...
USN-2694-1 pcre3 vulnerabilities
Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2014-8964...
PCRE 'compile_branch()' function heap buffer overflow vulnerability
PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. PCRE suffers from a heap buffer overflow vulnerability in compilebranch. This vulnerability allows an attacker to execute arbitrary code i...
PCRE 'compile_regex()' Buffer Overflow Vulnerability
PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. A buffer overflow vulnerability exists in PCRE 'compileregex'. This allows attackers to exploit the vulnerability to execute arbitrary cod...
UBUNTU-CVE-2015-3210
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^?P=B?P=B?J:?Pc?Pa?P=BWGXCREDITS/, a different vulnerability than CVE-2015-8384...
UBUNTU-CVE-2015-2326
The pcrecompile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...
UBUNTU-CVE-2015-2325
The compilebranch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service out-of-bounds heap read and crash, or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large...
PT-2014-8764 · Philip Hazel +6 · Pcre +6
Name of the Vulnerable Software and Affected Versions: PCRE versions 8.36 and earlier Description: A heap-based buffer overflow issue allows remote attackers to cause a denial of service crash or have other unspecified impact via a crafted regular expression, related to an assertion that allows...
DEBIAN-CVE-2011-4957
The makeclickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service crash via a comment with a crafted URL that triggers many recursive calls...
: pcre before 7.3 incorrect unicode in char class optimization
Heap-based buffer overflow in Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...
DEBIAN-CVE-2006-7225
Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to cause a denial of service error or crash via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a sequence...
pcre integer overflow
Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large 1 min, 2 max, or 3 duplength values that cause an incorrect length calculation and trigger a buffer overflo...
pcre regular expression flaws
Perl-Compatible Regular Expression PCRE library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code...