Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : pcre3 vulnerabilities (USN-547-1)

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possib...

USN-547-1: PCRE vulnerabilities

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possib...

PCRE: Multiple vulnerabilities

Background PCRE is a library providing functions for Perl-compatible regular expressions. Description Tavis Ormandy Google Security discovered multiple vulnerabilities in PCRE. He reported an error when processing "\Q\E" sequences with unmatched "\E" codes that can lead to the compiled bytecode...

openSUSE 10 Security Update : pcre (pcre-4697)

Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code CVE-2007-1659, CVE-2007-1660. %NASLMINLEVEL 7030...

GLSA-200711-28 : Perl: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200711-28 Perl: Buffer overflow Tavis Ormandy and Will Drewry Google Security Team discovered a heap-based buffer overflow in the Regular Expression engine regcomp.c that occurs when switching from byte to Unicode UTF-8 characters...

Perl: Buffer overflow

Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Tavis Ormandy and Will Drewry Google Security Team discovered a heap-based buffer overflow in the Regular Expression engine regcomp.c that occurs when switching from byte to Unicode UTF-8 character...

CVE-2006-7230

Perl-Compatible Regular Expression PCRE library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the 1 -x or 2 -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service PCRE or...

CVE-2006-7230

CVE-2006-7230 concerns the PCRE library prior to 7.0, where memory sizing for a compiled regular expression can be miscalculated when the -x or -i UTF-8 options change within the pattern. This can allow a context-dependent attacker to cause a denial of service (PCRE or glibc crash). Affected prod...

CVE-2006-7227

Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns namecount or long subpattern names maxnamesize, which triggers a buffer overflow. NOT...

DEBIAN-CVE-2006-7228

Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large 1 min, 2 max, or 3 duplength values that cause an incorrect length calculation and trigger a buffer overflo...

CVE-2006-7227

Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns namecount or long subpattern names maxnamesize, which triggers a buffer overflow. NOT...

CVE-2006-7227

Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns namecount or long subpattern names maxnamesize, which triggers a buffer overflow. NOT...

CVE-2006-7228

Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large 1 min, 2 max, or 3 duplength values that cause an incorrect length calculation and trigger a buffer overflo...

CVE-2006-7227

Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns namecount or long subpattern names maxnamesize, which triggers a buffer overflow. NOT...

CVE-2006-7227

Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns namecount or long subpattern names maxnamesize, which triggers a buffer overflow. NOT...

CVE-2006-7228

CVE-2006-7228 describes an integer overflow in the PCRE library before 6.7 that can be triggered by certain large min, max, or duplength values in a regex, leading to a context-dependent arbitrary code execution vulnerability. Public sources in the connected documents show this issue together wit...

Fedora 8 : perl-5.8.8-31.fc8 (2007-3218)

Resolves: CVE-2007-5116: perl regular expression UTF parsing errors Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

RHEL 4 / 5 : pcre (RHSA-2007:1052)

Updated pcre packages that correct security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Updated 15 November 2007 Further analysis of these flaws in PCRE has led to the single C...

pcre incorrect memory requirement computation

Perl-Compatible Regular Expression PCRE library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service crash via a regular expression with a large number of named subpatterns, which triggers a buffer...

Important: Red Hat Security Advisory: pcre security update

Updated pcre packages that correct security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Updated 15 November 2007 Further analysis of these flaws in PCRE has led to the single C...