204 matches found
DEBIAN-CVE-2019-20454
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. T...
PT-2019-6339 · Pcre +7 · Pcre +7
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 10.34 Description: An out-of-bounds read was discovered in PCRE when the pattern X is JIT compiled and used to match specially crafted subjects in non-UTF mode. This issue affects applications that use PCRE to parse...
DEBIAN-CVE-2017-16231
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match in pcreexec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is use...
pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32copysubstring function in pcreget.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service WRITE of size 4 or possibly have unspecified other impact via a crafted file...
The vulnerability of the PCRE library in the Mac OS X operating system allows a hacker to cause a service failure or exert other effects.
Vulnerability of the PCRE library in the Mac OS X operating system. Exploiting this vulnerability can allow a malicious actor to cause service failure application termination or have other adverse effects...
ALPINE-CVE-2017-11164
In PCRE 8.41, the OPKETRMAX feature in the match function in pcreexec.c allows stack exhaustion uncontrolled recursion when processing a crafted regular expression...
DEBIAN-CVE-2017-11164
In PCRE 8.41, the OPKETRMAX feature in the match function in pcreexec.c allows stack exhaustion uncontrolled recursion when processing a crafted regular expression...
[SECURITY] Fedora 25 Update: pcre2-10.23-6.fc25
PCRE2 is a re-working of the original PCRE Perl-compatible regular expression library to provide an entirely new API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which...
PCRE 'pcre32_copy_substring' function buffer overflow vulnerability (CNVD-2017-04912)
PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. A buffer overflow vulnerability exists in the 'pcre32copysubstring' function in the pcreget.c file of libpcre1 in PCRE version 8.40. A...
ALPINE-CVE-2017-7244
The pcre32xclass function in pcrexclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service invalid memory read via a crafted file...
DEBIAN-CVE-2017-7245
Stack-based buffer overflow in the pcre32copysubstring function in pcreget.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service WRITE of size 4 or possibly have unspecified other impact via a crafted file...
PCRE 'compile_bracket_matchingpath()' Function Denial of Service Vulnerability
PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. PCRE suffers from a denial of service vulnerability. An attacker could exploit this vulnerability to cause a denial of service or execute...
UBUNTU-CVE-2017-6004
The compilebracketmatchingpath function in pcrejitcompile.c in PCRE through 8.x before revision 1680 e.g., the PHP 7.1.1 bundled version allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted regular expression...
DEBIAN-CVE-2015-3217
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service stack-based buffer overflow via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...
pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^?P=B?P=B?J:?Pc?Pa?P=BWGXCREDITS/, a different vulnerability than CVE-2015-8384...
pcre: Buffer overflow caused by duplicate named references (8.38/36)
The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...
pcre: Buffer overflow caused by duplicate named references (8.38/36)
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...
pcre: stack overflow caused by mishandled group empty match (8.38/11)
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service stack-based buffer overflow via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...
pcre: heap buffer overflow in compile_branch()
The compilebranch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service out-of-bounds heap read and crash, or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large...
pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
PCRE before 8.38 mishandles the /?J?'d'?'d'\gd/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...