31 matches found
PT-2021-5546 · Busybox +5 · Busybox +5
Name of the Vulnerable Software and Affected Versions: Busybox affected versions not specified Description: A use-after-free issue in Busybox's awk applet can lead to denial of service and possibly code execution when processing a crafted awk pattern in the next input file function. This could...
perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS
Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...
Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE
The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. If a form from the plugin with an upload field is present on the blog, and is used to upload...
PT-2019-19426
Name of the Vulnerable Software and Affected Versions GNU C Library aka glibc or libc6 versions prior to 2.30 Description The issue is related to Uncontrolled Recursion in the check dst limits calc pos 1 function in posix/regexec.c. This can be demonstrated by using a crafted pattern '|11' in gre...
DEBIAN-CVE-2016-9954
The backtrack compilation code in the Irregex package aka IrRegular Expressions before 0.9.6 for Scheme allows remote attackers to cause a denial of service memory consumption via a crafted regular expression with a repeating pattern...
pcre: Buffer overflow caused by duplicate named references (8.38/36)
The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...
DEBIAN-CVE-2015-8381
The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...
UBUNTU-CVE-2015-8381
The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...
PT-2015-7791 · Php Community +2 · Pcre +2
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue concerns how PCRE handles the : and substrings in character classes. This mishandling allows remote attackers to cause a denial of service due to an uninitialized memory read or possibly have...
perl: heap corruption by regular expressions with utf8 characters
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service memory corruption and crash via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems...
CVE-2006-7230
Perl-Compatible Regular Expression PCRE library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the 1 -x or 2 -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service PCRE or...