Apple Safari Regular Expression Duplicate Named Groups Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of regul...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in helpers-7.24.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of helpers-7.24.0.tgz Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular...

CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)

PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)

PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

Fedora 22 : pcre-8.38-3.fc22 (2016-f5af8e27ce)

This release fixes a heap buffer overflow in handling of nested duplicate named groups with a nested back reference and a heap buffer overflow in pcretest causing infinite loop when matching globally with an ovector less than 2. Note that Tenable Network Security has extracted the preceding...