
43 matches found

RedhatCVE
added 2026/02/26 2:32 p.m. | 3 views

CVE-2026-27904

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5 CVSS | 5.6 AI score | 0.00026 EPSS
Exploits: 1 | References: 4

Veracode
added 2026/01/21 7:38 a.m. | 4 views

Regular Expression Denial Of Service (ReDoS)

@modelcontextprotocol/sdk is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to inefficiently constructed regular expressions with nested quantifiers in the UriTemplate class, which allows an attacker to supply a crafted URI that triggers catastrophic backtracki...

8.7 CVSS | 5.5 AI score | 0.00037 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/12/23 9:34 p.m. | 2 views

CVE-2025-68475

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at...

7.5 CVSS | 6.8 AI score | 0.0044 EPSS
Exploits: 1 | References: 1

Github Security Blog
added 2025/12/22 9:36 p.m. | 5 views

Fedify has ReDoS Vulnerability in HTML Parsing Regex

Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service (ReDoS) vulnerability that I'd like to report. I hope this helps improve the project's security. ---...

7.5 CVSS | 7.5 AI score | 0.0044 EPSS
Exploits: 1 | References: 9 | Affected Software: 1

Cvelist
added 2025/12/22 9:31 p.m. | 21 views

CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at...

7.5 CVSS | 0.0044 EPSS
Exploits: 1 | References: 7

SUSE CVE
added 2023/02/15 4:5 a.m. | 1 views

SUSE CVE-2019-20838

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...

7.5 CVSS | 7.6 AI score | 0.00234 EPSS
Exploits: 0 | References: 104

SUSE CVE
added 2023/02/15 4:0 a.m. | 1 views

SUSE CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

6.4 CVSS | 9.7 AI score | 0.04289 EPSS
Exploits: 0 | References: 64

RedHat Linux
added 2021/11/10 5:14 p.m. | 3 views

pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...

7.5 CVSS | 7 AI score | 0.00234 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2021/07/20 10:25 p.m. | 3 views

perl: heap-based buffer overflow in regular expression compiler leads to DoS

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

8.2 CVSS | 7.2 AI score | 0.04289 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2021/04/20 12:59 p.m. | 5 views

perl: heap-based buffer overflow in regular expression compiler leads to DoS

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

8.2 CVSS | 7.2 AI score | 0.04289 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2021/03/16 3:18 p.m. | 3 views

perl: heap-based buffer overflow in regular expression compiler leads to DoS

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

8.2 CVSS | 7.2 AI score | 0.04289 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2021/02/02 12:10 p.m. | 2 views

perl: heap-based buffer overflow in regular expression compiler leads to DoS

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

8.2 CVSS | 7.2 AI score | 0.04289 EPSS
Exploits: 0 | References: 4

Microsoft CVE
added 2020/08/18 12:0 a.m. | 2 views

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled and \X or \R has more than one fixed quantifier a related issue to CVE-2019-20454.

...

7.5 CVSS | 7 AI score | 0.00234 EPSS
Exploits: 1

Tenable Nessus
added 2020/07/30 12:0 a.m. | 38 views

EulerOS 2.0 SP8 : perl (EulerOS-SA-2020-1820)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Perl before 5.30.3 has an integer overflow related to mishandling of a 'PL_regkind[OP(n)] == NOTHING' situation. A crafted regular expression could lea...

8.6 CVSS | 7.3 AI score | 0.04289 EPSS
Exploits: 0 | References: 4

OSV
added 2020/06/15 5:15 p.m. | 1 views

DEBIAN-CVE-2019-20838

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...

7.5 CVSS | 6.8 AI score | 0.00234 EPSS
Exploits: 0 | References: 1

OSV
added 2020/06/05 2:15 p.m. | 2 views

ALPINE-CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

8.2 CVSS | 7.5 AI score | 0.04289 EPSS
Exploits: 0 | References: 1

OSV
added 2020/06/05 2:15 p.m. | 2 views

DEBIAN-CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

8.2 CVSS | 9.9 AI score | 0.04289 EPSS
Exploits: 0 | References: 1

OSV
added 2020/06/01 12:0 a.m. | 0 views

UBUNTU-CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular...

8.2 CVSS | 7.2 AI score | 0.04289 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2020/02/12 10:14 a.m. | 29 views

CVE-2019-19204

An out-of-bounds read vulnerability was found in Oniguruma in the way it handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could possibly crash the application,...

7.5 CVSS | 4.5 AI score | 0.08946 EPSS
Exploits: 1 | References: 3

RedhatCVE
added 2020/02/12 9:44 a.m. | 23 views

CVE-2019-19012

An integer overflow vulnerability leading to an out-of-bounds read was found in the way Oniguruma handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could crash the...

9.8 CVSS | 5.2 AI score | 0.14783 EPSS
Exploits: 3 | References: 3