
9263 matches found

Node.js
added 2015/10/17 7:41 p.m., 47 views

Regular Expression Denial of Service

Overview: Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation: Update to version 4.3.2 or later. References: Regular Expression Denial of Service - OWASP; GitHub Advisory...

CVSS 7.8 | AI score 5.8 | EPSS 0.06435
Exploits: 0 | Affected Software: 1

OSV
added 2015/10/15 1:14 p.m., 3 views

SUSE-SU-2015:1790-1 Security update for icu

icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler bsc917129...

CVSS 9.8 | AI score 9.3 | EPSS 0.024
Exploits: 0 | References: 3

Prion
added 2015/10/14 1:59 a.m., 15 views

Memory corruption

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expressio...

CVSS 9.3 | AI score 8 | EPSS 0.32285
Exploits: 3 | References: 6 | Affected Software: 2

Cvelist
added 2015/10/14 1:00 a.m., 55 views

CVE-2015-2482

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expressio...

AI score 8.2 | EPSS 0.32285
Exploits: 3 | References: 6

Zero Day Initiative
added 2015/10/13 12:00 a.m., 31 views

Microsoft Windows JavaScript Regular Expression Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to search and replac...

CVSS 6.8 | AI score 8.1 | EPSS 0.32285
Exploits: 3 | References: 1

ArchLinux
added 2015/10/08 12:00 a.m., 42 views

bugzilla: unauthorized account creation

Login names (usually an email address) longer than 127 characters are silently truncated in MySQL, which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...

CVSS 7.5 | AI score 2.6 | EPSS 0.03371
Exploits: 1 | References: 4

Hacker One
added 2015/10/06 8:41 p.m., 27 views

ownCloud: apps.owncloud.com: Referer protection Bypassed

@herlove has reported a vulnerability within the appstore at apps.owncloud.com allowing an adversary to bypass the HTTP referer based CSRF protection. This issue was caused by an insufficient regular expression which has been patched meanwhile. On request of the reporter this issue has been...

AI score 1.6
Exploits: 0

RedhatCVE
added 2015/09/18 2:24 a.m., 3 views

CVE-2013-4486

Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging...

CVSS 9.8 | AI score 5.9 | EPSS 0.01511
Exploits: 0 | References: 1

Fedora
added 2015/09/11 5:28 p.m., 17 views

[SECURITY] Fedora 22 Update: pcre-8.37-4.fc22

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

AI score 1.1
Exploits: 0

FreeBSD
added 2015/09/10 12:00 a.m., 30 views

Bugzilla security issues

Bugzilla Security Advisory: Login names (usually an email address) longer than 127 characters are silently truncated in MySQL, which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the...

CVSS 7.5 | AI score 5.2 | EPSS 0.03371
Exploits: 1 | References: 1

OpenVAS
added 2015/09/08 12:00 a.m., 40 views

Amazon Linux: Security Advisory (ALAS-2013-270)

The remote host is missing an update for the...

CVSS 5 | AI score 8 | EPSS 0.04113
Exploits: 3 | References: 2

Prion
added 2015/09/02 10:59 a.m., 15 views

Out-of-bounds

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...

CVSS 4 | AI score 6.5 | EPSS 0.01933
Exploits: 0 | References: 4 | Affected Software: 2

UbuntuCve
added 2015/09/02 10:59 a.m., 20 views

CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...

CVSS 4 | AI score 5.9 | EPSS 0.01933
Exploits: 0 | References: 2

Cvelist
added 2015/09/02 10:00 a.m., 25 views

CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...

AI score 5.8 | EPSS 0.01933
Exploits: 0 | References: 4

Debian CVE
added 2015/09/02 10:00 a.m., 21 views

CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...

CVSS 4 | AI score 5.8 | EPSS 0.01933
Exploits: 0

Prion
added 2015/09/01 2:59 p.m., 8 views

Code injection

The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression...

CVSS 5 | AI score 7 | EPSS 0.0266
Exploits: 0 | References: 6

Fedora
added 2015/08/27 6:05 p.m., 14 views

[SECURITY] Fedora 23 Update: pcre-8.37-4.fc23

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

AI score 1.1
Exploits: 0

Tenable Nessus
added 2015/08/25 12:00 a.m., 17 views

FreeBSD : pcre -- heap overflow vulnerability (6900e6f1-4a79-11e5-9ad8-14dae9d210b8)

Guanxing Wen reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. The Heap Overflow vulnerability is caused by the...

AI score 5.6
Exploits: 0 | References: 3

FreeBSD
added 2015/08/21 12:00 a.m., 24 views

pcre -- heap overflow vulnerability

Guanxing Wen reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. The Heap Overflow vulnerability is caused by the followi...

AI score 0.4
Exploits: 0 | References: 2

BDU FSTEC
added 2015/08/18 12:00 a.m., 4 views

The vulnerability of the Google Chrome operating system, which allows a perpetrator to trigger a service failure

The vulnerability of Google Chrome’s regular expression implementation is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using JavaScript code...

CVSS 5 | AI score 7.7 | EPSS 0.0152
Exploits: 0 | References: 5 | Affected Software: 1