Perl Compatible Regular Expression Library Security Vulnerabilities and Issues — Perl Compatible Regular Expression Library CVE List

Lucene search

PcrePerl Compatible Regular Expression Library

16 matches found

CVE•added 2015/12/02 1:59 a.m.•108 views

CVE-2015-8385

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...

7.5CVSS7.6AI score0.09142EPSS

CVE•added 2015/12/02 1:59 a.m.•101 views

CVE-2015-8390

PCRE before 8.38 mishandles the [: and \ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by K...

9.8CVSS9.5AI score0.03772EPSS

CVE•added 2015/12/02 1:59 a.m.•99 views

CVE-2015-8386

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp ob...

9.8CVSS7.6AI score0.07134EPSS

CVE•added 2015/12/02 1:59 a.m.•98 views

CVE-2015-8383

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

9.8CVSS7.6AI score0.03799EPSS

CVE•added 2015/12/02 1:59 a.m.•98 views

CVE-2015-8394

PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

9.8CVSS9.5AI score0.03332EPSS

CVE•added 2015/12/02 1:59 a.m.•94 views

CVE-2015-8393

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

7.5CVSS7.9AI score0.00396EPSS

CVE•added 2015/12/02 1:59 a.m.•92 views

CVE-2015-8388

PCRE before 8.38 mishandles the /(?=di(?

7.5CVSS7.6AI score0.07456EPSS

CVE•added 2015/12/02 1:59 a.m.•87 views

CVE-2015-8387

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Ko...

7.5CVSS8.4AI score0.01988EPSS

CVE•added 2015/12/02 1:59 a.m.•87 views

CVE-2015-8392

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encount...

7.5CVSS7.9AI score0.07861EPSS

CVE•added 2015/12/02 1:59 a.m.•83 views

CVE-2015-8395

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-201...

7.5CVSS7.8AI score0.07861EPSS

CVE•added 2015/12/02 1:59 a.m.•80 views

CVE-2015-8389

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konq...

9.8CVSS9.5AI score0.01805EPSS

CVE•added 2015/12/02 1:59 a.m.•79 views

CVE-2015-2327

PCRE before 8.36 mishandles the /(((a\2)|(a*)\g))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrat...

7.5CVSS7.4AI score0.0453EPSS

CVE•added 2015/12/02 1:59 a.m.•77 views

CVE-2015-8380

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript Re...

7.5CVSS9.5AI score0.01238EPSS

CVE•added 2015/12/02 1:59 a.m.•77 views

CVE-2015-8381

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns wi...

7.5CVSS7.5AI score0.0905EPSS

CVE•added 2015/12/02 1:59 a.m.•73 views

CVE-2015-8384

PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a ...

7.5CVSS7.8AI score0.07861EPSS

CVE•added 2015/12/02 1:59 a.m.•70 views

CVE-2015-8382

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of se...

6.4CVSS8.8AI score0.01772EPSS