Page 10 of 57 results (0.013 seconds)

CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 0

CVE-2006-7230 – pcre miscalculation of memory requirements if options are changed during pattern compilation

https://notcve.org/view.php?id=CVE-2006-7230

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.0 no calcula adecuadamente la cantidad de memoria necesaria para un patrón de expresión regular compilada cuando las opciones de UTF-8 (1) -x o (2) -i cambian dentro del patrón, lo cual permite a atacantes remotos dependientes del contexto provocar una denegación de servicio (caída de PCRE o de glibc) mediante una expresión regular manipulada. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/28041 http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://secunia.com/advisories/28658 http://secunia.com/advisories/28714 http://secunia.com/advisories/28720 http://secunia.com/advisories/30106 http://secunia.com/advisories/30155 • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0

CVE-2006-7228 – pcre integer overflow

https://notcve.org/view.php?id=CVE-2006-7228

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. Desbordamiento de entero en librería Perl-Compatible Regular Expression (PCRE) anterior a 6.7 podría permitir a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante una expresión regular que involucra grandes valores (1) min, (2) max, o (3) duplength que provocan un cálculo incorrecto de la longitud y disparan un desbordamiento de búfer, una vulnerabilidad diferente de CVE-2006-7227. NOTA: este problema estaba incluido originalmente en CVE-2006-7224, pero ese CVE ha sido rechazado y dividido. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://lists.vmware.com/pipermail/security-announce/2008/000005.html http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://scary.beasts.org/security/CESA-2007-006.html http://secunia.com/advisories/27582 http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/27776 http://secunia.com/advisories/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0

CVE-2006-7227 – pcre integer overflow

https://notcve.org/view.php?id=CVE-2006-7227

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. Desbordamiento de entero en la librería Perl-Compatible Regular Expression (PCRE) anterior a 6.7 permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante una expresión regular que contiene un gran número de sobpatrones con nombre (name_count) o nombres de subpatrones largos (max_name_size), lo cual dispara un desbordamiento de búfer. NOTA: este problema fue incluido originalmente en CVE-2006-7224, pero ese CVE ha sido rechadazo y dividido. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://scary.beasts.org/security/CESA-2007-006.html http://secunia.com/advisories/27582 http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/27869 http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://secunia.com/advisories/28658 http://secunia.com/advisories/28714 http://secunia • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 4%CPEs: 3EXPL: 0

CVE-2007-4768 – : pcre before 7.3 incorrect unicode in char class optimization

https://notcve.org/view.php?id=CVE-2007-4768

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. Desbordamiento de búfer basado en montículo en la librería Perl-Compatible Regular Expression (PCRE) anterior a 7.3 permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante una secuencia de caracteres Unicode unitarios en una clase character de un patrón de expresión regular, lo cual está optimizado incorrectamente. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html http://secunia.com/advisories/27538 http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 4%CPEs: 1EXPL: 0

CVE-2007-1660 – pcre regular expression flaws

https://notcve.org/view.php?id=CVE-2007-1660

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. La biblioteca Perl-Compatible Regular Expression (PCRE) anterior a la versión 7.0 no calcula apropiadamente los tamaños de las "multiple forms of character class" no especificadas, lo que desencadena un desbordamiento de búfer que permite a los atacantes dependiendo del contexto provocar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://mail.gnome.org/archives/gtk-devel-list& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •