CVE-2026-9256

NGINX Plus and NGINX Open Source expose a vulnerability in the ngx_http_rewrite_module when a rewrite directive uses distinct, overlapping PCRE captures (e.g., ^/((.*))$) and the replacement references multiple captures (e.g., $1$2) in redirects or arguments. An unauthenticated attacker can send ...

EUVD-2005-2492

Malware in sbrugna...

USN-7777-1 pcre2 vulnerability

It was discovered that PCRE2 incorrectly handled the Scan SubString verb. An attacker could possibly use this issue to cause applications using PCRE2 to expose sensitive information...

pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode

An out-of-bounds read was discovered in PCRE when the pattern "\X" is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to crash the application...

UBUNTU-CVE-2019-20838

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...

PCRE Buffer Overflow Vulnerability

PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. A buffer overflow vulnerability exists in versions of PCRE prior to 10.34. The vulnerability stems from a networked system or product...

The vulnerability of the PCRE library in the Mac OS X operating system allows a hacker to cause a service failure or exert other effects.

Vulnerability of the PCRE library in the Mac OS X operating system. Exploiting this vulnerability can allow a malicious actor to cause service failure application termination or have other adverse effects...

pcre: Buffer overflow caused by duplicate named references (8.38/36)

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...

PCRE Denial of Service Vulnerability (CNVD-2015-07880)

PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. A security vulnerability exists in PCRE versions prior to 8.38, which stems from the program's failure to properly handle the interaction ...

PCRE Denial of Service Vulnerability (CNVD-2015-07879)

PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. A security vulnerability exists in PCRE versions prior to 8.38, which stems from the program's failure to properly handle '/? |\k'Pm'|?'...

UBUNTU-CVE-2015-8390

PCRE before 8.38 mishandles the : and \ substrings in character classes, which allows remote attackers to cause a denial of service uninitialized memory read or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

PCRE 'pcre_compile2()' function heap buffer overflow vulnerability

PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. PCRE suffers from a heap buffer overflow vulnerability in 'pcrecompile2'. An attacker is allowed to exploit this vulnerability to execute...

Debian: Security Advisory (DSA-819-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-800-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mandrake Linux Security Advisory : pcre (MDKSA-2005:151)

Integer overflow in pcrecompile.c in Perl Compatible Regular Expressions PCRE before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The updated packages have been patched to...