CVE-2026-35379

A flaw was found in the tr utility of uutils coreutils. A logic error causes the program to incorrectly define the :graph: and :print: character classes, reversing their standard behavior. This vulnerability can lead to unintended data modification or loss when the utility is used in automated...

EUVD-2026-25034

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

CVE-2026-35379

Affected product and component: uutils coreutils’ tr utility. Root cause: logic error causes mis-definition of character classes [:graph:] and [:print:], inadvertently including ASCII space (0x20) in [:graph:] while excluding it from [:print:], reversing standard POSIX/GNU behavior. Impact: can l...

CVE-2026-35379 uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

CVE-2026-35379 uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils, which stems from a logical error in the tr function. This error incorrectly defines graphic character classes and printable character classes,...

UBUNTU-CVE-2026-33672

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...

CVE-2026-33672

CVE-2026-33672 affects the Picomatch glob matcher used in JavaScript. The vulnerability stems from a method-injection in the POSIX_REGEX_SOURCE object, which inherits from Object.prototype. Attackers can craft POSIX bracket expressions (for example, [[:constructor:]]) that reference inherited met...

EUVD-2015-8272

Malware in sbrugna...

PT-2025-15907 · Git +1 · Joni

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The software suffers from a security exception during the parsing of character classes within the org.joni.Parser.parseCharClass and...

Medium: pcre

Issue Overview: PCRE before 8.38 mishandles the : and \ substrings in character classes, which allows remote attackers to cause a denial of service uninitialized memory read or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

SUSE CVE-2015-8390

PCRE before 8.38 mishandles the : and \ substrings in character classes, which allows remote attackers to cause a denial of service uninitialized memory read or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

openSUSE Security Update : pcre2 (openSUSE-2016-966)

This update for pcre2 fixes the following issues : - pcre2 10.22 : - The POSIX wrapper function regcomp did not used to support back references and subroutine calls if called with the REGNOSUB option. It now does. - A new function, pcre2codecopy, is added, to make a copy of a compiled pattern. -...

pcre: inefficient posix character class syntax check (8.38/16)

The pcrecompile function in pcrecompile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

CVE-2015-8390

PCRE before 8.38 mishandles the : and \ substrings in character classes, which allows remote attackers to cause a denial of service uninitialized memory read or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

CVE-2015-8390

CVE-2015-8390 is a PCRE vulnerability: PCRE versions before 8.38 mishandle the [: and \ substrings in character classes, allowing a remote attacker to cause a denial of service (uninitialized memory read) via a crafted RegExp (JavaScript RegExp object, Konqueror). The connected IBM bulletins corr...

PCRE字符类缓冲区溢出漏洞

BUGTRAQ ID: 27786 CVECAN ID: CVE-2008-0674 PCRE（Perl兼容正则表达式）库是个开放源代码的软件，可提供正则表达式支持。 PCRE在处理字符类时存在缓冲区溢出漏洞，如果用户发送了codepoint大于255的超长UTF-8字符类的话，就可能触发这个溢出，导致执行任意指令。 PCRE 7.6 Debian ------ Debian已经为此发布了一个安全公告（DSA-1499-1）以及相应补丁: DSA-1499-1：New pcre3 packages fix arbitrary code execution...

DEBIAN-CVE-2007-1660

Perl-Compatible Regular Expression PCRE library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code...