CVSS: 9.8EPSS: 15%CPEs: 19EXPL: 1CVE-2016-3191 – PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3191
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. La función compile_branch en pcre_compile.c en PCRE 8.x en versiones anteriores a 8.39 y pcre2_compile.c en PCRE2 en versiones anteriores a 10.22 no maneja correctamente patrones que contienen una subcadena (*ACCEPT) en conjunción con paréntesis anidados, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de buffer basado en pila) a través de una expresión regular manipuada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror, también conocido como ZDI-CAN-3542. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PCRE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the compilation of regular expressions. The issue lies in the failure to validate that compilation of sub-groups will occur within the bounds of a fixed-size stack buffer. • http://rhn.redhat.com/errata/RHSA-2016-1025.html http://vcs.pcre.org/pcre2?view=revision&revision=489 http://vcs.pcre.org/pcre?view=revision&revision=1631 http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/84810 https://access.redhat.com/errata/RHSA-2016:1132 https://bto.bluecoat.com/security-advisory/sa128 https://bugs.debian.org/815920 https://bugs.debia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 13%CPEs: 5EXPL: 1CVE-2015-3210 – pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
https://notcve.org/view.php?id=CVE-2015-3210
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(? • http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2015/06/01/7 http://www.openwall.com/lists/oss-security/2015/12/02/11 http://www.securityfocus.com/bid/74934 https://access.redhat.com/errata/RHSA-2016:1132 https://bugs.exim.org/show_bug.cgi?id=1636 https://access.redhat.com/security/cve/CVE-2015-3210 https://bugzilla.redhat.com/show_bug.cgi?id=1287623 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •