34 matches found
GHSA-FHR3-XH3Q-69W6 uutils coreutils has an Incorrect Provision of Specified Functionality Issue
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, effectively reversing the...
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIX_REGEX_SOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...
MiracleLinux 7 : grep-2.20-2.el7 (AXSA:2015-669:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-669:01 advisory. The GNU versions of commonly used grep utilities. Grep searches through textual input for lines which contain a match to a specified pattern and then prints t...
EUVD-2006-7202
Malware in sbrugna...
CLSA-2025-1759222758 ruby: Fix of 4 CVEs
CVE-2016-2337: Fix type confusion in _cancel_eval Ruby's TclTkIp class method to prevent arbitrary code execution - CVE-2017-9224: Fix stack out-of-bounds read in match_at during regular expression searching - CVE-2017-9227: Fix stack out-of-bounds read in mbc_enc_len and invalid pointer dereference...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
RHEL 7 : pcre (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pcre: inefficient posix character class syntax check 8.38/16 CVE-2015-8391 - pcre: Integer overflow cause...
Medium: glib2
Issue Overview: PCRE before 8.38 mishandles the [: and \ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...
SUSE CVE-2006-7225
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence...
SUSE CVE-2007-1660
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code...
SUSE CVE-2007-4768
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...
SUSE CVE-2008-0674
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255...
Oracle Linux 7 : pcre (ELSA-2016-1025)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1025 advisory. - Fix CVE-2015-2328 infinite recursion compiling pattern with recursive reference in a group with indefinite repeat bug 1330508 - Fix CVE-2015-8385...
Fedora 22 : pcre-8.37-7.fc22 (2015-afafa29551)
This release fixes CVE-2015-8380, a heap-based buffer overflow in pcre_exec when ovector has size 1. ---- This release fixes a crash when compiling an expression with long MARK or THEN names. It also fixes compiling a POSIX character class followed by a single ASCII character in a class item while...
pcre regular expression flaws
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code...
PCRE: Buffer overflow
Background PCRE is a Perl-compatible regular expression library. GLib includes a copy of PCRE. Description PCRE contains a buffer overflow vulnerability when processing a character class containing a very large number of characters with codepoints greater than 255. Impact A remote attacker could...
Fedora 8 : pcre-7.3-3.fc8 (2008-1783)
This update addresses buffer overflow caused by a character class containing a very large number of characters with codepoints greater than 255 in UTF-8 mode - CVE-2008-0674, 431660 This issue may affect usages of pcre, when regular expressions from untrusted sources are compiled. Handling of...
CVE-2008-0674
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255...
CVE-2008-0674
CVE-2008-0674 is a buffer overflow in the PCRE library prior to 7.6 that permits remote attackers to execute arbitrary code via a regular expression containing a character class with many Unicode code points above 255. The CVE is listed across multiple vulnerability feeds (e.g., OpenVAS/Nessus en...