42 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-2305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through...
K16831: BSD regex library vulnerability CVE-2015-2305
Security Advisory Description Description Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via ...
SUSE CVE-2006-7225
Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to cause a denial of service error or crash via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a sequence...
SUSE CVE-2015-8381
The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...
SUSE CVE-2017-7244
The pcre32xclass function in pcrexclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service invalid memory read via a crafted file...
CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...
Github regex 资源管理错误漏洞
Github regex is a Rust library for parsing, compiling, and executing regular expressions. A security vulnerability exists in regex that stems from a denial-of-service attack caused by an untrusted regex or untrusted input matched by a trusted regex...
AZL-8898 CVE-2022-24921 affecting package golang for versions less than 1.17.8-1
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...
pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...
CVE-2020-7661
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...
CVE-2019-19012
An integer overflow in the searchinrange function in regexec.c in Oniguruma 6.x before 6.9.4rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. This only affects the 32-bit compiled version. Remote attackers can cause a denial-of-service or...
CVE-2017-13846
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact...
UBUNTU-CVE-2015-8389
PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service infinite recursion or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...
SOL16831 - BSD regex library vulnerability CVE-2015-2305
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)
PHP 5.3 was updated to fix multiple security issues : bnc931776: pcntlexec does not check path validity CVE-2015-4026 bnc931772: overflow in ftpgenlist resulting in heap overflow CVE-2015-4022 bnc931769: memory corruption in pharparsetarfile when entry filename starts with NULL CVE-2015-4021...
regex: heap overflow in regcomp() on 32-bit architectures
A heap buffer overflow flaw was found in the regcomp function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp function could cause that application to crash and possibly execute arbitrar...
regex: heap overflow in regcomp() on 32-bit architectures
A heap buffer overflow flaw was found in the regcomp function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp function could cause that application to crash and possibly execute arbitrar...
Medium: php
Issue Overview: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression...
Fedora 20 : clamav-0.98.7-1.fc20 (2015-7378)
ClamAV 0.98.7 ============= This release contains new scanning features and bug fixes. - Improvements to PDF processing: decryption, escape sequence handling, and file property collection. - Scanning/analysis of additional Microsoft Office 2003 XML format. - Fix infinite loop condition on crafted...
ClamAV < 0.98.7 Multiple Vulnerabilities
According to its version, the ClamAV clamd antivirus daemon on the remote host is prior to 0.98.7. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the pefromupx function in upx.c. A remote attacker can exploit this flaw, via a specially crafted file, to...