Lucene search

K

Pcre Security Vulnerabilities

cve
cve

CVE-2017-16231

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is...

5.5CVSS

5.7AI Score

0.001EPSS

2019-03-21 03:59 PM
69
cve
cve

CVE-2019-20838

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to...

7.5CVSS

6.7AI Score

0.01EPSS

2020-06-15 05:15 PM
180
2
cve
cve

CVE-2019-20454

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application....

7.5CVSS

5.9AI Score

0.001EPSS

2020-02-14 02:15 PM
147
2
cve
cve

CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C...

5.3CVSS

6.4AI Score

0.007EPSS

2020-06-15 05:15 PM
222
4
cve
cve

CVE-2005-2491

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer...

9.9AI Score

0.023EPSS

2005-08-23 04:00 AM
50
cve
cve

CVE-2015-3210

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?Pc)(?Pa(?P=B)))>WGXCREDITS)/, a different vulnerability than...

9.8CVSS

8.2AI Score

0.137EPSS

2016-12-13 04:59 PM
45
cve
cve

CVE-2017-6004

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular...

7.5CVSS

7.1AI Score

0.018EPSS

2017-02-16 11:59 AM
72
cve
cve

CVE-2005-4872

Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer...

6.3AI Score

0.003EPSS

2007-11-14 09:00 PM
25
cve
cve

CVE-2017-11164

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular...

7.5CVSS

7.2AI Score

0.004EPSS

2017-07-11 03:29 AM
104
cve
cve

CVE-2006-7228

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer.....

9.9AI Score

0.021EPSS

2007-11-14 09:46 PM
36
cve
cve

CVE-2015-8382

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((ACCEPT)))/ pattern and related patterns involving (ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of...

8.8AI Score

0.05EPSS

2015-12-02 01:59 AM
47
cve
cve

CVE-2006-7227

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer...

7.5AI Score

0.021EPSS

2007-11-14 09:46 PM
35
4
cve
cve

CVE-2022-1587

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data...

9.1CVSS

8.9AI Score

0.002EPSS

2022-05-16 09:15 PM
243
10
cve
cve

CVE-2022-1586

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...

9.1CVSS

9.1AI Score

0.004EPSS

2022-05-16 09:15 PM
198
9
cve
cve

CVE-2022-41409

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative...

7.5CVSS

7.3AI Score

0.001EPSS

2023-07-18 02:15 PM
239
cve
cve

CVE-2015-8394

PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

9.8CVSS

9.5AI Score

0.038EPSS

2015-12-02 01:59 AM
71
cve
cve

CVE-2015-8389

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

9.8CVSS

9.5AI Score

0.028EPSS

2015-12-02 01:59 AM
55
cve
cve

CVE-2015-8383

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

9.8CVSS

7.6AI Score

0.05EPSS

2015-12-02 01:59 AM
64
cve
cve

CVE-2015-8393

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a...

7.5CVSS

7.9AI Score

0.005EPSS

2015-12-02 01:59 AM
60
cve
cve

CVE-2015-8387

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

7.3CVSS

8.4AI Score

0.015EPSS

2015-12-02 01:59 AM
58
cve
cve

CVE-2015-8386

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp...

9.8CVSS

7.6AI Score

0.033EPSS

2015-12-02 01:59 AM
71
cve
cve

CVE-2015-8390

PCRE before 8.38 mishandles the [: and \ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by.....

9.8CVSS

9.5AI Score

0.028EPSS

2015-12-02 01:59 AM
65
cve
cve

CVE-2015-8391

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

9.8CVSS

7.6AI Score

0.027EPSS

2015-12-02 01:59 AM
71
2
cve
cve

CVE-2011-1951

lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular...

9AI Score

0.013EPSS

2011-07-11 08:55 PM
31
cve
cve

CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated...

5.5CVSS

6.1AI Score

0.001EPSS

2020-01-14 05:15 PM
64
2
cve
cve

CVE-2015-2325

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a...

7.8CVSS

6.6AI Score

0.002EPSS

2020-01-14 05:15 PM
63
5
cve
cve

CVE-2017-8786

pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular...

9.8CVSS

9.6AI Score

0.015EPSS

2017-05-05 12:29 AM
27
cve
cve

CVE-2017-8399

PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many...

9.8CVSS

9.6AI Score

0.012EPSS

2017-05-01 06:59 PM
29
cve
cve

CVE-2017-7245

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted...

7.8CVSS

7.9AI Score

0.006EPSS

2017-03-23 09:59 PM
85
cve
cve

CVE-2017-7244

The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted...

5.5CVSS

5.8AI Score

0.004EPSS

2017-03-23 09:59 PM
82
cve
cve

CVE-2017-7246

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted...

7.8CVSS

7.9AI Score

0.006EPSS

2017-03-23 09:59 PM
82
4
cve
cve

CVE-2017-7186

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property...

7.5CVSS

7.2AI Score

0.043EPSS

2017-03-20 12:59 AM
86
cve
cve

CVE-2015-5073

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an....

9.1CVSS

7.6AI Score

0.031EPSS

2016-12-13 04:59 PM
60
4
cve
cve

CVE-2015-3217

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by...

7.5CVSS

6.7AI Score

0.014EPSS

2016-12-13 04:59 PM
176
cve
cve

CVE-2014-9769

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata....

7.3CVSS

8.5AI Score

0.009EPSS

2016-03-28 04:59 PM
32
cve
cve

CVE-2016-3191

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.8CVSS

9.5AI Score

0.151EPSS

2016-03-17 11:59 PM
104
cve
cve

CVE-2016-1283

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'){97)?J)?J)(?'R'(?'R'){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a...

9.8CVSS

9.6AI Score

0.016EPSS

2016-01-03 12:59 AM
121
5
cve
cve

CVE-2015-8395

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...

7.8AI Score

0.025EPSS

2015-12-02 01:59 AM
51
cve
cve

CVE-2015-8392

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

7.9AI Score

0.025EPSS

2015-12-02 01:59 AM
55
cve
cve

CVE-2015-8388

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated ...

7.6AI Score

0.016EPSS

2015-12-02 01:59 AM
62
cve
cve

CVE-2015-8385

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a...

7.6AI Score

0.019EPSS

2015-12-02 01:59 AM
82
cve
cve

CVE-2015-8384

PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a....

7.8AI Score

0.025EPSS

2015-12-02 01:59 AM
49
cve
cve

CVE-2015-8381

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns...

7.5AI Score

0.039EPSS

2015-12-02 01:59 AM
61
cve
cve

CVE-2015-8380

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

9.5AI Score

0.067EPSS

2015-12-02 01:59 AM
48
cve
cve

CVE-2015-2328

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp.....

7.5AI Score

0.014EPSS

2015-12-02 01:59 AM
50
cve
cve

CVE-2015-2327

PCRE before 8.36 mishandles the /(((a\2)|(a)\g<-1>))/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as...

7.4AI Score

0.059EPSS

2015-12-02 01:59 AM
46
cve
cve

CVE-2014-8964

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero...

8.4AI Score

0.028EPSS

2014-12-16 06:59 PM
64
2
cve
cve

CVE-2008-2371

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple...

9.2AI Score

0.004EPSS

2008-07-07 11:41 PM
82
3
cve
cve

CVE-2008-0674

Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than...

9.8AI Score

0.533EPSS

2008-02-18 11:00 PM
40
cve
cve

CVE-2006-7230

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service...

6AI Score

0.014EPSS

2007-11-15 07:46 PM
34
Total number of security vulnerabilities57