CVE-2014-9769
https://notcve.org/view.php?id=CVE-2014-9769
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.

• http://vcs.pcre.org/pcre?view=revision&revision=1475
• http://www.openwall.com/lists/oss-security/2016/03/26/1
• http://www.securityfocus.com/bid/85570
• http://www.securitytracker.com/id/1035424
• https://bugs.debian.org/819050
• https://redmine.openinfosecfoundation.org/issues/1693

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3191 – PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3191
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PCRE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the compilation of regular expressions. The issue lies in the failure to validate that compilation of sub-groups will occur within the bounds of a fixed-size stack buffer.
• http://rhn.redhat.com/errata/RHSA-2016-1025.html
• http://vcs.pcre.org/pcre2?view=revision&revision=489
• http://vcs.pcre.org/pcre?view=revision&revision=1631
• http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.securityfocus.com/bid/84810
• https://access.redhat.com/errata/RHSA-2016:1132
• https://bto.bluecoat.com/security-advisory/sa128
• https://bugs.debian.org/815920
• https://bugs.debia

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow
CVE-2016-1283 – pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
https://notcve.org/view.php?id=CVE-2016-1283
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?

• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/79825
• http://www.securitytracker.com/id/1034555
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110
• https://access.redhat.com/errata/RHSA-2016:1132
• https://bto.bluecoat.com/security-ad

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow
CVE-2015-2328 – pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)
https://notcve.org/view.php?id=CVE-2015-2328
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

• http://rhn.redhat.com/errata/RHSA-2016-1025.html
• http://rhn.redhat.com/errata/RHSA-2016-2750.html
• http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
• http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
• http://www.fortiguard.com/advisory/FG-VD-15-014
• http://www.openwall.com/lists/oss-security/2015/11/29/1
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.securityfocus.com/bid/74924
• https://bugs.exim.org/show_

• CWE-19: Data Processing Errors
• CWE-674: Uncontrolled Recursion
CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)
https://notcve.org/view.php?id=CVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html
• http://rhn.redhat.com/errata/RHSA-2016-1025.html
• http://rhn.redhat.com/errata/RHSA-2016-2750.html
• http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
• http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
• http://www.openwall.com/lists/oss-security/2015/11/29/1
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.securityfocus.com/bid/82990
• https:

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-407: Inefficient Algorithmic Complexity