CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2005-4872 – pcre incorrect memory requirement computation
https://notcve.org/view.php?id=CVE-2005-4872
31 Dec 2005 — Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2005-2491 – pcre heap overflow
https://notcve.org/view.php?id=CVE-2005-2491
22 Aug 2005 — Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt •