6608 matches found
USN-547-1: PCRE vulnerabilities
Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possib...
GLSA-200711-28 : Perl: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200711-28 Perl: Buffer overflow Tavis Ormandy and Will Drewry Google Security Team discovered a heap-based buffer overflow in the Regular Expression engine regcomp.c that occurs when switching from byte to Unicode UTF-8 characters...
Perl: Buffer overflow
Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Tavis Ormandy and Will Drewry Google Security Team discovered a heap-based buffer overflow in the Regular Expression engine regcomp.c that occurs when switching from byte to Unicode UTF-8 character...
CVE-2006-7230
CVE-2006-7230 concerns the PCRE library prior to 7.0, where memory sizing for a compiled regular expression can be miscalculated when the -x or -i UTF-8 options change within the pattern. This can allow a context-dependent attacker to cause a denial of service (PCRE or glibc crash). Affected prod...
CVE-2006-7227
Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns namecount or long subpattern names maxnamesize, which triggers a buffer overflow. NOT...
CVE-2006-7227
Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns namecount or long subpattern names maxnamesize, which triggers a buffer overflow. NOT...
CVE-2006-7227
Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns namecount or long subpattern names maxnamesize, which triggers a buffer overflow. NOT...
CVE-2006-7228
CVE-2006-7228 describes an integer overflow in the PCRE library before 6.7 that can be triggered by certain large min, max, or duplength values in a regex, leading to a context-dependent arbitrary code execution vulnerability. Public sources in the connected documents show this issue together wit...
CVE-2006-7227
Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns namecount or long subpattern names maxnamesize, which triggers a buffer overflow. NOT...
Fedora 8 : perl-5.8.8-31.fc8 (2007-3218)
Resolves: CVE-2007-5116: perl regular expression UTF parsing errors Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
RHEL 4 / 5 : pcre (RHSA-2007:1052)
Updated pcre packages that correct security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Updated 15 November 2007 Further analysis of these flaws in PCRE has led to the single C...
Mandrake Linux Security Advisory : pcre (MDKSA-2007:212)
Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the us...
Perl Unicode正则表达式堆溢出漏洞
BUGTRAQ ID: 26350 CVECAN ID: CVE-2007-5116 Perl是一种免费且功能强大的编程语言。 Perl的正则表达式引擎在计算处理正则表达式所需空间的方式存在错误,本地攻击者可能利用此漏洞提升权限。 如果用户所发送到正则表达式中包含有Unicode数据的话,就会导致运行时自动切换到Unicode字符主题,之后再传送的表达式就可能触发堆溢出,导致在用户机器上执行任意指令。 Larry Wall Perl 5.8.8 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1400-1)以及相应补丁: DSA-1400-1:Ne...
CVE-2007-5116
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...
DEBIAN-CVE-2007-5116
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...
CVE-2007-4766
Multiple integer overflows in Perl-Compatible Regular Expression PCRE library before 7.3 allow context-dependent attackers to cause a denial of service crash or execute arbitrary code via unspecified escape backslash sequences...
Buffer overflow
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...
Code injection
Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes...
CVE-2007-5116
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...
CVE-2007-1659
Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes...