CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7245 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7245
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. Desbordamiento de búfer basado en la pila en la función pcre32_copy_substring en pcre_get.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegación de servicio (WRITE de tamaño 4) o posiblemente tener otro impacto no especificado a través de un archivo manipulado. • http://www.securityfocus.com/bid/97067 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c https://security.gentoo.org/glsa/201710-25 https://access.redhat.com/security/cve/CVE-2017-7245 https://bugzilla.redhat.com/show_bug.cgi?id=1437367 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7246 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7246
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. Desbordamiento de búfer basado en pila en la función pcre32_copy_substring en pcre_get.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegación de servicio (WRITE de tamaño 268) o posiblemente tener otro impacto no especificado a través de un archivo manipulado. • http://www.securityfocus.com/bid/97067 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c https://security.gentoo.org/glsa/201710-25 https://access.redhat.com/security/cve/CVE-2017-7246 https://bugzilla.redhat.com/show_bug.cgi?id=1437369 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2017-7186 – pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)
https://notcve.org/view.php?id=CVE-2017-7186
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. Libpcre1 en PCRE 8.40 y libpcre2 en PCRE2 10.23 permiten a atacantes remotos provocar una denegación de servicio (infracción de segmentación para acceso de lectura y caída de aplicación) al activar una búsqueda de propiedad Unicode no válida. • http://www.securityfocus.com/bid/97030 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c https://bugs.exim.org/show_bug.cgi?id=2052 https://security.gentoo.org/glsa/201710-09 https://security.gentoo.org/glsa/201710-25 https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=d • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-6004 – pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)
https://notcve.org/view.php?id=CVE-2017-6004
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. La función compile_bracket_matchingpath en pcre_jit_compile.c en PCRE hasta la versión 8.x en versiones anteriores a la revisión 1680 (por ejemplo, la versión empacada de PHP 7.1.1) permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de la aplicación) a través de una expresión regular manipulada. • http://www.securityfocus.com/bid/96295 http://www.securitytracker.com/id/1037850 https://access.redhat.com/errata/RHSA-2018:2486 https://bugs.exim.org/show_bug.cgi?id=2035 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201706-11 https://vcs.pcre.org/pcre/code/trunk/pcre_ji • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1CVE-2015-3217 – pcre: stack overflow caused by mishandled group empty match (8.38/11)
https://notcve.org/view.php?id=CVE-2015-3217
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. • http://rhn.redhat.com/errata/RHSA-2016-1025.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://vcs.pcre.org/pcre?view=revision&revision=1566 http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.openwall.com/lists/oss-security/2015/06/03/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/75018 https://access.redhat.com/errata/RHSA-2016:1132 https://bugs.exim.org/show_bug.cgi? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •