CVSS: 9.8 EPSS: 1% CPEs: 1 EXPL: 0

PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."
• http://www.securityfocus.com/bid/98315 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783 https://security.gentoo.org/glsa/201710-09 https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup https://vcs.pcre.org/pcre2?view=revision&revision=674 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5 EPSS: 4% CPEs: 2 EXPL: 0

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
• http://www.securityfocus.com/bid/97030 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c https://bugs.exim.org/show_bug.cgi?id=2052 https://security.gentoo.org/glsa/201710-09 https://security.gentoo.org/glsa/201710-25 https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=d • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5 EPSS: 1% CPEs: 10 EXPL: 1

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
• http://rhn.redhat.com/errata/RHSA-2016-1025.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://vcs.pcre.org/pcre?view=revision&revision=1566 http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.openwall.com/lists/oss-security/2015/06/03/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/75018 https://access.redhat.com/errata/RHSA-2016:1132 https://bugs.exim.org/show_bug.cgi? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •

CVSS: 9.8 EPSS: 15% CPEs: 19 EXPL: 1

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PCRE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the compilation of regular expressions. The issue lies in the failure to validate that compilation of sub-groups will occur within the bounds of a fixed-size stack buffer.
• http://rhn.redhat.com/errata/RHSA-2016-1025.html http://vcs.pcre.org/pcre2?view=revision&revision=489 http://vcs.pcre.org/pcre?view=revision&revision=1631 http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/84810 https://access.redhat.com/errata/RHSA-2016:1132 https://bto.bluecoat.com/security-advisory/sa128 https://bugs.debian.org/815920 https://bugs.debia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8 EPSS: 13% CPEs: 5 EXPL: 1

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?
• http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2015/06/01/7 http://www.openwall.com/lists/oss-security/2015/12/02/11 http://www.securityfocus.com/bid/74934 https://access.redhat.com/errata/RHSA-2016:1132 https://bugs.exim.org/show_bug.cgi?id=1636 https://access.redhat.com/security/cve/CVE-2015-3210 https://bugzilla.redhat.com/show_bug.cgi?id=1287623 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •