
CVSS: 4.3  EPSS: 4%  CPEs: 52  EXPL: 0

Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.
• http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
  http://secunia.com/advisories/28041
  http://secunia.com/advisories/28658
  http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
  http://www.pcre.org/changelog.txt
  http://www.redhat.com/support/errata/RHSA-2007-1059.html
  http://www.redhat.com/support/errata/RHSA-2007-1068.html
  http://www.securityfocus.com/bid/26725
  https://bugzilla.red
• CWE-20: Improper Input Validation

CVSS: 4.3  EPSS: 5%  CPEs: 1  EXPL: 0

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
• http://bugs.gentoo.org/show_bug.cgi?id=198976
  http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
  http://secunia.com/advisories/27741
  http://secunia.com/advisories/27773
  http://secunia.com/advisories/28041
  http://secunia.com/advisories/28406
  http://secunia.com/advisories/28414
  http://secunia.com/advisories/28658
  http://secunia.com/advisories/28714
  http://secunia.com/advisories/28720
  http://secunia.com/advisories/30106
  http://secunia.com/advisories/30155
• CWE-189: Numeric Errors

CVSS: 6.8  EPSS: 2%  CPEs: 1  EXPL: 0

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
• http://bugs.gentoo.org/show_bug.cgi?id=198976
  http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
  http://lists.vmware.com/pipermail/security-announce/2008/000005.html
  http://lists.vmware.com/pipermail/security-announce/2008/000014.html
  http://scary.beasts.org/security/CESA-2007-006.html
  http://secunia.com/advisories/27582
  http://secunia.com/advisories/27741
  http://secunia.com/advisories/27773
  http://secunia.com/advisories/27776
  http://secunia.com/advisories/
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound

CVSS: 6.8  EPSS: 2%  CPEs: 1  EXPL: 0

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
• http://bugs.gentoo.org/show_bug.cgi?id=198976
  http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
  http://scary.beasts.org/security/CESA-2007-006.html
  http://secunia.com/advisories/27582
  http://secunia.com/advisories/27741
  http://secunia.com/advisories/27773
  http://secunia.com/advisories/27869
  http://secunia.com/advisories/28406
  http://secunia.com/advisories/28414
  http://secunia.com/advisories/28658
  http://secunia.com/advisories/28714
  http://secunia
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound

CVSS: 6.8  EPSS: 4%  CPEs: 3  EXPL: 0

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
• http://bugs.gentoo.org/show_bug.cgi?id=198976
  http://docs.info.apple.com/article.html?artnum=307179
  http://docs.info.apple.com/article.html?artnum=307562
  http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
  http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
  http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
  http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
  http://secunia.com/advisories/27538
  http&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer