CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-41409
https://notcve.org/view.php?id=CVE-2022-41409
18 Jul 2023 — Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. • https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-1587 – pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1587
16 May 2022 — An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función get_recurse_data_length() del archivo pcre2_jit_compile.c. Este problema afecta a las recursiones en expresiones regulares compiladas en JIT causadas por transfere... • https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2022-1586 – pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1586
16 May 2022 — An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función compile_xclass_matchingpath() del archivo pcre2_jit_compile.c. Esto implica un probl... • https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-20454 – pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
https://notcve.org/view.php?id=CVE-2019-20454
14 Feb 2020 — An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. Se detectó una lectura fuera de límites en PCRE versiones anteriores a 10.34, cuando el patrón \X es compilado en JIT y usado para hacer coincidir temas esp... • https://bugs.exim.org/show_bug.cgi?id=2421 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2017-8786 – Gentoo Linux Security Advisory 201710-09
https://notcve.org/view.php?id=CVE-2017-8786
05 May 2017 — pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. Pcre2test.c en PCRE2 10.23 permite a atacantes remotos causar una denegación de servicio (desbordamiento de búfer basado en heap) o posiblemente otro impacto no especificado a través de una expresión regular manipulada. Multiple vulnerabilities have been found in PCRE2, the worst of which may allow remote attackers to execute... • https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-8399 – Gentoo Linux Security Advisory 201710-09
https://notcve.org/view.php?id=CVE-2017-8399
01 May 2017 — PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." PCRE2 en versiones anteriores a la 10.30 tiene una escritura fuera de límites provocada por un desbordamiento de búfer basado en pila en pcre2_match.c. Esto está relacionado con un "pattern with very many captures". Multiple vulnerabilities have been found in PCRE2, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 1... • http://www.securityfocus.com/bid/98315 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2017-7186 – pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)
https://notcve.org/view.php?id=CVE-2017-7186
20 Mar 2017 — libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. Libpcre1 en PCRE 8.40 y libpcre2 en PCRE2 10.23 permiten a atacantes remotos provocar una denegación de servicio (infracción de segmentación para acceso de lectura y caída de aplicación) al activar una búsqueda de propiedad Unicode no válida. It was discovered that PCRE incorrectly handled certa... • http://www.securityfocus.com/bid/97030 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1CVE-2015-3217 – pcre: stack overflow caused by mishandled group empty match (8.38/11)
https://notcve.org/view.php?id=CVE-2015-3217
12 May 2016 — PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 3%CPEs: 19EXPL: 1CVE-2016-3191 – PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3191
17 Mar 2016 — The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. La función compile_branch en pcre_compile.c en PCRE 8.x en versione... • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 6%CPEs: 5EXPL: 1CVE-2015-3210 – pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
https://notcve.org/view.php?id=CVE-2015-3210
03 Aug 2015 — Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(? • http://rhn.redhat.com/errata/RHSA-2016-2750.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •