CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2019-20838 – pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
https://notcve.org/view.php?id=CVE-2019-20838
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. libpcre en PCRE versiones anteriores a 8.43, permite una lectura excesiva del búfer del asunto en JIT cuando UTF es deshabilitado, y \X o \R contiene más de un cuantificador corregido, un problema relacionado con CVE-2019-20454 • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2021/Feb/14 https://bugs.gentoo.org/717920 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://support.apple.com/kb/HT211931 https://support.apple.com/kb/HT212147 https://www.pcre.org/original/changelog.txt https://access.redhat.com/security/cve/CVE-2019-20838 https://bugzilla.redhat.com/show_bug.cgi?id=1848444 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. libpcre en PCRE versiones anteriores a 8.44, permite un desbordamiento de enteros por medio de un número grande después de una subcadena (?C • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2021/Feb/14 https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release https://bugs.gentoo.org/717920 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://security.netapp.com/advisory/ntap-20221028-0010 https://support.apple.com/kb/HT211931 https://support.apple.com/kb/HT212147 https://www.oracle.com/security-alerts/cp • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-16231 – PCRE 8.41 Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-16231
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used ** EN DISPUTA ** En PCRE 8.41, tras la compilación, una prueba de concepto de carga pcrtest produce un desbordamiento de cierre en la función match() en pcre_exec.c debido a una llamada autorecursiva. NOTA: los terceros discuten la relevancia de este informe, indicando que hay opciones que pueden emplearse para limitar la cantidad de pila que se emplea. PCRE version 8.41 suffers from a buffer overflow in the match() function. • http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html http://seclists.org/fulldisclosure/2018/Dec/33 http://www.openwall.com/lists/oss-security/2017/11/01/11 http://www.openwall.com/lists/oss-security/2017/11/01/3 http://www.openwall.com/lists/oss-security/2017/11/01/7 http://www.openwall.com/lists/oss-security/2017/11/01/8 http://www.securityfocus.com/bid/101688 https://bugs.exim.org/show_bug.cgi?id=2047 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11164
https://notcve.org/view.php?id=CVE-2017-11164
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. En PCRE versión 8.41, la función OP_KETRMAX en la función de coincidencia en el archivo pcre_exec.c permite el agotamiento de la pila (recursión no controlada) cuando se procesa una expresión regular creada. • http://openwall.com/lists/oss-security/2017/07/11/3 http://www.openwall.com/lists/oss-security/2023/04/11/1 http://www.openwall.com/lists/oss-security/2023/04/12/1 http://www.securityfocus.com/bid/99575 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7244 – pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)
https://notcve.org/view.php?id=CVE-2017-7244
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. La función _pcre32_xclass en pcre_xclass.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida) a través de un archivo manipulado. • http://www.securityfocus.com/bid/97067 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c https://security.gentoo.org/glsa/201710-25 https://access.redhat.com/security/cve/CVE-2017-7244 https://bugzilla.redhat.com/show_bug.cgi?id=1437364 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •