Filtered by vendor Pcre
Subscribe
Total
57 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8387 | 3 Fedoraproject, Pcre, Php | 3 Fedora, Perl Compatible Regular Expression Library, Php | 2023-02-16 | 7.5 HIGH | 7.3 HIGH |
| PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2015-8386 | 4 Fedoraproject, Oracle, Pcre and 1 more | 4 Fedora, Linux, Perl Compatible Regular Expression Library and 1 more | 2023-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2015-8383 | 3 Fedoraproject, Pcre, Php | 3 Fedora, Perl Compatible Regular Expression Library, Php | 2023-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2011-1951 | 2 Oneidentity, Pcre | 2 Syslog-ng, Pcre | 2023-02-13 | 4.3 MEDIUM | N/A |
| lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression. | |||||
| CVE-2015-2326 | 4 Mariadb, Opensuse, Pcre and 1 more | 4 Mariadb, Opensuse, Pcre and 1 more | 2023-01-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | |||||
| CVE-2015-2325 | 4 Mariadb, Opensuse, Pcre and 1 more | 4 Mariadb, Opensuse, Pcre and 1 more | 2022-08-05 | 6.8 MEDIUM | 7.8 HIGH |
| The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. | |||||
| CVE-2014-8964 | 6 Fedoraproject, Mariadb, Opensuse and 3 more | 11 Fedora, Mariadb, Opensuse and 8 more | 2022-08-04 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. | |||||
| CVE-2008-2371 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2022-08-01 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. | |||||
| CVE-2016-1283 | 4 Fedoraproject, Oracle, Pcre and 1 more | 4 Fedora, Solaris, Pcre and 1 more | 2022-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2015-2328 | 2 Oracle, Pcre | 2 Linux, Pcre | 2019-12-27 | 7.5 HIGH | N/A |
| PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2015-8385 | 2 Oracle, Pcre | 2 Linux, Perl Compatible Regular Expression Library | 2019-12-27 | 7.5 HIGH | N/A |
| PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2015-8388 | 2 Oracle, Pcre | 2 Linux, Perl Compatible Regular Expression Library | 2019-12-27 | 7.5 HIGH | N/A |
| PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2007-1662 | 1 Pcre | 1 Pcre | 2018-10-16 | 5.0 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | |||||
| CVE-2007-1661 | 2 Apple, Pcre | 3 Mac Os X, Mac Os X Server, Perl-compatible Regular Expression Library | 2018-10-16 | 6.4 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. | |||||
| CVE-2007-1660 | 1 Pcre | 1 Pcre | 2018-10-16 | 6.8 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. | |||||
| CVE-2007-1659 | 1 Pcre | 1 Pcre | 2018-10-16 | 6.8 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes. | |||||
| CVE-2008-0674 | 1 Pcre | 1 Pcre | 2018-10-15 | 7.5 HIGH | N/A |
| Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. | |||||
| CVE-2007-4768 | 1 Pcre | 1 Pcre | 2018-10-15 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | |||||
| CVE-2007-4767 | 1 Pcre | 1 Pcre | 2018-10-15 | 5.0 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. | |||||
| CVE-2007-4766 | 1 Pcre | 1 Pcre | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. | |||||