
27 matches found

RedhatCVE
added 2026/06/05 7:43 p.m. | 5 views

CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00481
Exploits: 1 | References: 1

CNNVD
added 2026/06/03 12:0 a.m. | 5 views

Securly Chrome Extension security vulnerability

Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability arises from the lack of complexity validation during the...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00328
Exploits: 0 | References: 2

Cvelist
added 2026/05/25 11:53 p.m. | 42 views

CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

EPSS: 0.00481
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/24 12:0 a.m. | 6 views

PT-2026-43159

Name of the Vulnerable Software and Affected Versions: Perl versions prior to 5.43.11. Description: A heap buffer overflow occurs on 32-bit builds when compiling regular expressions containing a repeated fixed string. The issue resides in the Perl_study_chunk function within regcomp_study.c, which...

CVSS: 10 | AI score: 6 | EPSS: 0.00481
Exploits: 1 | References: 24

Packet Storm
added 2025/12/02 12:0 a.m. | 181 views

libxml2 2.9.14 (2022) Heap Buffer Overflow

libxml2 version 2.9.14 (2022) proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01375
Exploits: 3

EUVD
added 2025/10/07 12:30 a.m. | 9 views

EUVD-2017-18167

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.05129
Exploits: 1 | References: 8

OSV
added 2025/09/12 8:43 a.m. | 3 views

CLSA-2025-1757666588 ruby: Fix of CVE-2017-9226

CVE-2017-9226: fix a heap out-of-bounds write or read occurs in next_state_val during regular expression compilation...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.07511
Exploits: 1 | References: 1

OSV
added 2023/11/25 5:0 p.m. | 2 views

UBUNTU-CVE-2023-47038

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00832
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:54 a.m. | 3 views

SUSE CVE-2016-10132

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.02158
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:45 a.m. | 4 views

SUSE CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token and...

CVSS: 4.8 | AI score: 9.2 | EPSS: 0.07511
Exploits: 1 | References: 7

SUSE CVE
added 2023/02/15 4:45 a.m. | 2 views

SUSE CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

CVSS: 6.4 | AI score: 8.9 | EPSS: 0.06261
Exploits: 1 | References: 11

RedHat Linux
added 2021/05/18 1:26 p.m. | 5 views

perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...

CVSS: 8.6 | AI score: 6.9 | EPSS: 0.04879
Exploits: 0 | References: 4

RedHat Linux
added 2021/03/16 3:18 p.m. | 3 views

perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.05971
Exploits: 0 | References: 4

RedHat Linux
added 2018/05/03 5:6 a.m. | 2 views

oniguruma: Invalid pointer dereference in left_adjust_char_head()

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head during regular expression compilation. Invalid handling of reg->dmax in forward_search_range could result in an invalid pointer...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.05129
Exploits: 1 | References: 4

RedHat Linux
added 2018/05/03 5:6 a.m. | 1 view

oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token and...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.07511
Exploits: 1 | References: 4

BDU FSTEC
added 2017/08/18 12:0 a.m. | 2 views

The vulnerability of the Oniguruma library, related to the use of an uninitialized variable, which allows for memory corruption to occur.

The vulnerability of the Oniguruma library arises from an incorrect change in the state of the parse_char_class function. This allows for the use of an uninitialized variable during writing to the buffer. Exploiting this vulnerability could enable a malicious actor to cause memory corruption by...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.06261
Exploits: 1 | References: 3 | Affected Software: 3

BDU FSTEC
added 2017/08/18 12:0 a.m. | 3 views

The vulnerability of the Oniguruma library, related to incorrect handling of numbers, allows attackers to cause memory corruption.

The vulnerability of the Oniguruma library arises from the incorrect processing of numbers greater than 0xff in the functions fetch_token and fetch_token_in_cc during the compilation of regular expressions. Exploiting this vulnerability allows a remote attacker to cause a memory corruption by using a...

CVSS: 7.5 | AI score: 7 | EPSS: 0.07511
Exploits: 1 | References: 4 | Affected Software: 3

BDU FSTEC
added 2017/08/18 12:0 a.m. | 4 views

The vulnerability of the Oniguruma library, related to writing beyond the buffer boundaries on the stack, allows a hacker to cause a service failure.

The vulnerability of the Oniguruma library exists due to the improper handling of the code point 0xFFFFFFFF in the unicode_unfold_key function during the compilation of regular expressions. As a result, when the onigenc_unicode_get_case_fold_codes_by_str function is called, 4 bytes will be written at th...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0308
Exploits: 1 | References: 3 | Affected Software: 3

OSV
added 2017/05/24 3:29 p.m. | 4 views

ALPINE-CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token and...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.07511
Exploits: 1 | References: 1

OSV
added 2017/05/24 3:29 p.m. | 3 views

ALPINE-CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.06261
Exploits: 1 | References: 1