10 matches found
CVE-2026-8376
Summary: CVE-2026-8376 affects Perl up to 5.43.10 on 32-bit builds, where a heap buffer overflow can occur during compilation of attacker-controlled regular expressions. The root cause is a 32-bit length calculation in regcomp_study.c (Perl study chunk) that validates the joined substring buffer ...
CLSA-2026-1779465604 postgresql: Fix of CVE-2026-6473
CVE-2026-6473: tsearch: bound StartSel/StopSel/FragmentDelimiter length to PG_INT16_MAX in ts_headline - CVE-2026-6473: contrib/ltree: guard lquery parsing against numvar and totallen wraparound - CVE-2026-6473: regex: add overflow-checked MALLOCARRAY/REALLOCARRAY and bound NFA state/color products...
SUSE CVE-2010-1158
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string...
SUSE CVE-2010-4051
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX...
PT-2020-16316 · Oniguruma +1
Name of the Vulnerable Software and Affected Versions: Oniguruma version 6.9.5 rev1. Description: An issue exists where an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c. Recommendations: For...
UBUNTU-CVE-2018-6797
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...
postgresql: case insensitive range handling integer overflow leading to buffer overflow
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code...
DEBIAN-CVE-2010-4051
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX...
Server: insufficient buffer size for search patterns
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression...
Server: insufficient buffer size for search patterns
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression...