9263 matches found

Prion
added 2015/12/02 1:59 a.m., 45 views

Code injection

PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...

7.5 CVSS, 7.8 AI score, 0.03887 EPSS
Exploits 0, References 8, Affected Software 3
Prion
added 2015/12/02 1:59 a.m., 17 views

Code injection

PCRE before 8.36 mishandles the /a\2|a\g/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a...

7.5 CVSS, 7.8 AI score, 0.04049 EPSS
Exploits 1, References 7, Affected Software 1
Prion
added 2015/12/02 1:59 a.m., 18 views

Code injection

PCRE before 8.36 mishandles the /?Ra|?1+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

7.5 CVSS, 7.8 AI score, 0.05244 EPSS
Exploits 1, References 10, Affected Software 2
Prion
added 2015/12/02 1:59 a.m., 25 views

Buffer overflow

PCRE before 8.38 mishandles the /?|\k'Pm'|?'Pm'/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

7.5 CVSS, 7.8 AI score, 0.05623 EPSS
Exploits 0, References 10, Affected Software 2
Prion
added 2015/12/02 1:59 a.m., 14 views

Buffer overflow

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

7.5 CVSS, 7.7 AI score, 0.06077 EPSS
Exploits 0, References 9, Affected Software 3
Prion
added 2015/12/02 1:59 a.m., 16 views

Integer overflow

PCRE before 8.38 mishandles ?123 subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

7.5 CVSS, 7.8 AI score, 0.03641 EPSS
Exploits 0, References 8, Affected Software 3
Prion
added 2015/12/02 1:59 a.m., 23 views

Integer overflow

PCRE before 8.38 mishandles the ? and ?R conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

7.5 CVSS, 7.8 AI score, 0.04815 EPSS
Exploits 0, References 8, Affected Software 2
Prion
added 2015/12/02 1:59 a.m., 23 views

Buffer overflow

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp...

7.5 CVSS, 7.8 AI score, 0.07059 EPSS
Exploits 0, References 13, Affected Software 4
Prion
added 2015/12/02 1:59 a.m., 30 views

Buffer overflow

PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

7.5 CVSS, 7.8 AI score, 0.03558 EPSS
Exploits 0, References 6, Affected Software 1
Prion
added 2015/12/02 1:59 a.m., 34 views

Buffer overflow

PCRE before 8.38 mishandles the /?J?'d'?'d'\gd/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...

7.5 CVSS, 7.6 AI score, 0.03558 EPSS
Exploits 0, References 6, Affected Software 1
Prion
added 2015/12/02 1:59 a.m., 33 views

Design/Logic Flaw

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...

7.5 CVSS, 7.6 AI score, 0.03558 EPSS
Exploits 0, References 6, Affected Software 1
NVD
added 2015/12/02 1:59 a.m., 16 views

CVE-2015-2327

PCRE before 8.36 mishandles the /a\2|a\g/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a...

7.5 CVSS, 9.7 AI score, 0.04049 EPSS
Exploits 1, References 7
CVE
added 2015/12/02 1:0 a.m., 132 views

CVE-2015-8385

CVE-2015-8385 (PCRE) affects PCRE before 8.38. The vulnerability arises when parsing certain forward-referencing patterns like /(?|(\k'Pm')|(?'Pm'))/ in regular expressions, causing a denial of service via a heap-based buffer overflow (remote attacker may craft a regex that triggers it). Multiple...

7.5 CVSS, 7.6 AI score, 0.05623 EPSS
Exploits 0, References 10, Affected Software 1
Cvelist
added 2015/12/02 1:0 a.m., 30 views

CVE-2015-8380

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegE...

9.7 AI score, 0.04436 EPSS
Exploits 1, References 8
CVE
added 2015/12/02 1:0 a.m., 93 views

CVE-2015-8380

CVE-2015-8380 refers to a heap-based buffer overflow in PCRE’s pcre_exec when handling a pattern with a \01 escape, exploitable via a crafted JavaScript RegExp and capable of DoS or more. Connected documents corroborate additional PCRE-related issues (e.g., various CVEs around 8.38 and constructs...

7.5 CVSS, 9.5 AI score, 0.04436 EPSS
Exploits 1, References 8, Affected Software 1
Cvelist
added 2015/12/02 1:0 a.m., 16 views

CVE-2015-8385

PCRE before 8.38 mishandles the /?|\k'Pm'|?'Pm'/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

9.7 AI score, 0.05623 EPSS
Exploits 0, References 10
Cvelist
added 2015/12/02 1:0 a.m., 27 views

CVE-2015-8382

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /?:abcd|?:?:?:?:abc|?:abcdefbabcdefghiabc|ACCEPT/ pattern and related patterns involving ACCEPT, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service partially initialized...

9 AI score, 0.04072 EPSS
Exploits 1, References 9
CVE
added 2015/12/02 1:0 a.m., 86 views

CVE-2015-8382

CVE-2015-8382 affects Cloud Pak for Security CP4S where PCRE’s pcre_exec.c pattern matching (prior to 8.37) mishandles patterns including (*ACCEPT), enabling a remote attacker to potentially read sensitive process memory or trigger a denial of service via crafted RegExp strings. Affected CP4S ver...

6.4 CVSS, 8.8 AI score, 0.04072 EPSS
Exploits 1, References 9, Affected Software 1
CVE
added 2015/12/02 1:0 a.m., 109 views

CVE-2015-2328

CVE-2015-2328 affects PCRE, where PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ and related recursive patterns. This can enable a remote attacker to trigger a denial of service (segmentation fault) or other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

7.5 CVSS, 7.5 AI score, 0.05244 EPSS
Exploits 1, References 10, Affected Software 1
CVE
added 2015/12/02 1:0 a.m., 101 views

CVE-2015-2327

CVE-2015-2327 concerns PCRE before 8.36, which mishandles the pattern /(((a\2)|(a*)\g))*/ and related recursive back-references. The vulnerability allows a remote attacker to cause a denial of service (segmentation fault) or potentially other impact via a crafted regular expression, as demonstrat...

7.5 CVSS, 7.4 AI score, 0.04049 EPSS
Exploits 1, References 7, Affected Software 1