9163 matches found

OSV
added 2017/09/19 6:29 p.m., 19 views

CVE-2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape...

9.1 CVSS, 9 AI score, 0.04711 EPSS
Exploits: 0, References: 10
CVE
added 2017/09/19 6:0 p.m., 212 views

CVE-2017-12883

Perl 5 vulnerable to CVE-2017-12883: a buffer overflow in S_grok_bslash_N in regcomp.c allows an attacker to disclose memory or cause a denial of service via a crafted regular expression containing an invalid '\N{U+...}' escape. Affected versions are Perl before 5.24.3-RC1 and 5.26.x before 5.26....

9.1 CVSS, 7 AI score, 0.04711 EPSS
Exploits: 0, References: 10, Affected Software: 1
Debian CVE
added 2017/09/19 6:0 p.m., 34 views

CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier...

7.5 CVSS, 8.4 AI score, 0.0244 EPSS
Exploits: 0
AlpineLinux
added 2017/09/19 6:0 p.m., 24 views

CVE-2017-12883

None...

9.1 CVSS, 6.8 AI score, 0.04711 EPSS
Exploits: 0
Cvelist
added 2017/09/19 6:0 p.m., 23 views

CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier...

7.2 AI score, 0.0244 EPSS
Exploits: 0, References: 9
UbuntuCve
added 2017/09/19 12:0 a.m., 28 views

CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier...

7.5 CVSS, 7 AI score, 0.0244 EPSS
Exploits: 0, References: 4
UbuntuCve
added 2017/09/19 12:0 a.m., 25 views

CVE-2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape...

9.1 CVSS, 6.9 AI score, 0.04711 EPSS
Exploits: 0, References: 4
OSV
added 2017/09/19 12:0 a.m., 0 views

UBUNTU-CVE-2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape...

9.1 CVSS, 6.8 AI score, 0.04711 EPSS
Exploits: 0, References: 5
Veracode
added 2017/09/18 6:28 a.m., 17 views

Regular Expression Denial Of Service (ReDoS)

debug is vulnerable to Regular Expression Denial Of Service (ReDoS). The regular expression used to map %o to util.inspect can take a while for long strings, hanging an application...

5.3 CVSS, 5.4 AI score, 0.00102 EPSS
Exploits: 0, References: 5, Affected Software: 1
Check Point Advisories
added 2017/09/17 12:0 a.m., 9 views

HPE Intelligent Management Center userSelectPagingContent Expression Language Injection (CVE-2017-12521)

An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to a lack of validation on a request parameter on requests sent to the server. A remote attacker can exploit this vulnerability by sending a crafted request to the target server...

9 CVSS, 2.5 AI score, 0.03237 EPSS
Exploits: 0
RedhatCVE
added 2017/09/15 1:18 p.m., 26 views

CVE-2017-12883

A heap buffer overread was found in perl's grok_bslash_N function, which is used in the compilation of Unicode nodes in regular expressions, possibly leading to crash or dump of memory segments via the error output. An attacker, able to provide a specially crafted regular expression, could look for...

9.1 CVSS, 2 AI score, 0.04711 EPSS
Exploits: 0, References: 1
CNVD
added 2017/09/14 12:0 a.m., 1 views

IBM API Connect Denial of Service Vulnerability

IBM API Connect (aka APIConnect) is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect has a security vulnerability. An attacker can exploit the vulnerability with the hel...

6.5 CVSS, 6.5 AI score, 0.00465 EPSS
Exploits: 0, References: 1
Prion
added 2017/09/13 6:29 p.m., 18 views

Code injection

IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...

4 CVSS, 6.2 AI score, 0.00465 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2017/09/13 6:29 p.m., 15 views

CVE-2017-1556

IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...

6.5 CVSS, 6.3 AI score, 0.00465 EPSS
Exploits: 0, References: 3
Cvelist
added 2017/09/13 6:0 p.m., 15 views

CVE-2017-1556

IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...

6.3 AI score, 0.00465 EPSS
Exploits: 0, References: 3
Node.js
added 2017/09/12 7:41 p.m., 53 views

Regular Expression Denial of Service

Overview: Affected versions of content are vulnerable to a regular expression denial of service when parsing malicious Content-Type and Content-Disposition headers. Recommendation: Update to version 3.0.6 or later. References: GitHub Advisory...

5 CVSS, 5.4 AI score, 0.00334 EPSS
Exploits: 0, Affected Software: 1
OpenVAS
added 2017/09/11 12:0 a.m., 35 views

Apache Struts DoS Vulnerability (S2-050) - Linux

Apache Struts is prone to a regular expression Denial of Service (DoS) vulnerability when using URLValidator. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

7.5 CVSS, 7.6 AI score, 0.04618 EPSS
Exploits: 22, References: 2
Check Point Advisories
added 2017/09/11 12:0 a.m., 2 views

HPE Intelligent Management Center saveSelectedDevices Expression Language Injection (CVE-2017-12491)

An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of a parameter passed to the saveSelectedDevices method through a GWT RPC request. A remote, authenticated attacker can exploit this vulnerability by sendi...

9 CVSS, 2.2 AI score, 0.03237 EPSS
Exploits: 0
Node.js
added 2017/09/08 8:49 p.m., 99 views

Regular Expression Denial of Service

Overview: Affected versions of no-case are vulnerable to a regular expression denial of service when parsing untrusted user input. Recommendation: Update to version 2.3.2 or later. References: Issue 17, GitHub Advisory...

5 CVSS, 6.5 AI score, 0.00334 EPSS
Exploits: 0, Affected Software: 1
Node.js
added 2017/09/08 5:43 p.m., 30 views

Regular Expression Denial of Service

Overview: Affected versions of charset are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using th...

5 CVSS, 3.6 AI score, 0.00328 EPSS
Exploits: 1, Affected Software: 1