CVE-2015-2327

CVE-2015-2327 concerns PCRE before 8.36, which mishandles the pattern /(((a\2)|(a*)\g))*/ and related recursive back-references. The vulnerability allows a remote attacker to cause a denial of service (segmentation fault) or potentially other impact via a crafted regular expression, as demonstrat...

CVE-2015-8380

The pcreexec function in pcreexec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegE...

CVE-2015-8384

PCRE before 8.38 mishandles the /?J?'d'?'d'\gd/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...

CVE-2015-2328

PCRE before 8.36 mishandles the /?Ra|?1+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

CVE-2015-8381

The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...

CVE-2015-8388

PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

CVE-2015-8392

PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

CVE-2015-8391

The pcrecompile function in pcrecompile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

CVE-2015-8394

CVE-2015-8394 (PCRE) and related PCRE family issues: PCRE before 8.38 mishandles certain conditional groups (e.g., (?() and (?(R))) and other constructs, enabling remote attackers to cause denial of service (integer overflow) or related impact via crafted RegEx, demonstrated by a JavaScript RegEx...

CVE-2015-8387

CVE-2015-8387 concerns the PCRE library prior to 8.38. The description states that certain (?123) subroutine calls are mishandled, allowing a remote attacker to cause a denial of service via an crafted regex (integer overflow risk) and possibly other impact. IBM/related bulletins in the connected...

CVE-2015-8391

PCRE library (libpcre) prior to 8.38 is affected by CVE-2015-8391 due to mishandling of certain [: nesting in pcre_compile.c, enabling remote attackers to trigger a denial of service (CPU consumption) via crafted regular expressions (as used by JavaScript RegExp objects in Konqueror). Affected pr...

CVE-2015-8383

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

CVE-2015-8389

PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service infinite recursion or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...

CVE-2015-8390

PCRE before 8.38 mishandles the : and \ substrings in character classes, which allows remote attackers to cause a denial of service uninitialized memory read or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

CVE-2015-8394

PCRE before 8.38 mishandles the ? and ?R conditions, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

CVE-2015-8387

PCRE before 8.38 mishandles ?123 subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

CVE-2015-8389

CVE-2015-8389 is a PCRE vulnerability where a crafted regular expression such as /(?:|a|){100}x/ can trigger denial of service via infinite recursion. Technical details across connected docs confirm the flaw lies in PCRE before 8.38 and that exploitation affects multiple products; remediation doc...

CVE-2015-8386

Summary (CVE-2015-8386) PCRE before 8.38 mishandles the interaction between lookbehind assertions and mutually recursive subpatterns in crafted regular expressions, allowing remote attackers to cause a denial of service (buffer overflow) or potentially other impact. This vulnerability affects the...

CentOS 7 : file (CESA-2015:2155)

Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

CVE-2015-8387

PCRE before 8.38 mishandles ?123 subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...