43 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-2305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through...
K16831: BSD regex library vulnerability CVE-2015-2305
Security Advisory Description: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via ...
SUSE CVE-2006-7225
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a sequence...
SUSE CVE-2015-8381
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...
SUSE CVE-2017-7244
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file...
CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...
A vulnerability in the compile_xclass_matchingpath() function in the PCRE2 library allows an attacker to cause a service failure or expose protected information.
The vulnerability in the compile_xclass_matchingpath() function in the PCRE2 library is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause service failures or disclose sensitive information by sending specially crafted data...
Github regex resource management error vulnerability
Github regex is a Rust library for parsing, compiling, and executing regular expressions. A security vulnerability exists in regex that stems from a denial-of-service attack caused by an untrusted regex or untrusted input matched by a trusted regex...
AZL-8898 CVE-2022-24921 affecting package golang for versions less than 1.17.8-1
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...
pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...
CVE-2020-7661
All versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...
CVE-2019-19012
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. This only affects the 32-bit compiled version. Remote attackers can cause a denial-of-service or...
CVE-2017-13846
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...
UBUNTU-CVE-2015-8389
PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...
SOL16831 - BSD regex library vulnerability CVE-2015-2305
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action: None. Supplemental Information: SOL9970: Subscribing to email notifications regarding F5 products; SOL995...
SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)
PHP 5.3 was updated to fix multiple security issues: bnc931776: pcntl_exec does not check path validity (CVE-2015-4026); bnc931772: overflow in ftp_genlist resulting in heap overflow (CVE-2015-4022); bnc931769: memory corruption in phar_parse_tarfile when entry filename starts with NULL (CVE-2015-4021)...
regex: heap overflow in regcomp() on 32-bit architectures
A heap buffer overflow flaw was found in the regcomp function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp function could cause that application to crash and possibly execute arbitrar...
Medium: php
Issue Overview: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression...
Fedora 20 : clamav-0.98.7-1.fc20 (2015-7378)
ClamAV 0.98.7: This release contains new scanning features and bug fixes. - Improvements to PDF processing: decryption, escape sequence handling, and file property collection. - Scanning/analysis of additional Microsoft Office 2003 XML format. - Fix infinite loop condition on crafted...