CVE-2019-20838 – pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
https://notcve.org/view.php?id=CVE-2019-20838
15 Jun 2020 — libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This so... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-125: Out-of-bounds Read
CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
15 Jun 2020 — libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distributi... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-190: Integer Overflow or Wraparound
CVE-2017-16231 – PCRE 8.41 Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-16231
21 Dec 2018 — In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used. • https://packetstorm.news/files/id/150897 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11164
https://notcve.org/view.php?id=CVE-2017-11164
11 Jul 2017 — In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. • http://openwall.com/lists/oss-security/2017/07/11/3 • CWE-674: Uncontrolled Recursion
CVE-2017-7245 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7245
23 Mar 2017 — Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. • http://www.securityfocus.com/bid/97067 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7246 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7246
23 Mar 2017 — Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. • http://www.securityfocus.com/bid/97067 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7244 – pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)
https://notcve.org/view.php?id=CVE-2017-7244
23 Mar 2017 — The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement ... • http://www.securityfocus.com/bid/97067 • CWE-20: Improper Input Validation • CWE-125: Out-of-bounds Read
CVE-2017-7186 – pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)
https://notcve.org/view.php?id=CVE-2017-7186
20 Mar 2017 — libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. It was discovered that PCRE incorrectly handled certa... • http://www.securityfocus.com/bid/97030 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6004 – pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)
https://notcve.org/view.php?id=CVE-2017-6004
16 Feb 2017 — The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. • http://www.securityfocus.com/bid/96295 • CWE-125: Out-of-bounds Read
CVE-2015-3217 – pcre: stack overflow caused by mishandled group empty match (8.38/11)
https://notcve.org/view.php?id=CVE-2015-3217
12 May 2016 — PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-674: Uncontrolled Recursion