CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1CVE-2015-3217 – pcre: stack overflow caused by mishandled group empty match (8.38/11)
https://notcve.org/view.php?id=CVE-2015-3217
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. • http://rhn.redhat.com/errata/RHSA-2016-1025.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://vcs.pcre.org/pcre?view=revision&revision=1566 http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.openwall.com/lists/oss-security/2015/06/03/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/75018 https://access.redhat.com/errata/RHSA-2016:1132 https://bugs.exim.org/show_bug.cgi? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9769
https://notcve.org/view.php?id=CVE-2014-9769
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. pcre_jit_compile.c en PCRE 8.35 no utiliza correctamente saltos de tabla para optimizar alternativas anidadas, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria de pila) o posiblemente tener otro impacto no especificado a través de una cadena manipulada, según lo demostrado por paquetes encontrados por Suricata durante el uso de una expresión regular en un conjunto de reglas Emerging Threats Open. • http://vcs.pcre.org/pcre?view=revision&revision=1475 http://www.openwall.com/lists/oss-security/2016/03/26/1 http://www.securityfocus.com/bid/85570 http://www.securitytracker.com/id/1035424 https://bugs.debian.org/819050 https://redmine.openinfosecfoundation.org/issues/1693 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 15%CPEs: 19EXPL: 1CVE-2016-3191 – PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3191
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. La función compile_branch en pcre_compile.c en PCRE 8.x en versiones anteriores a 8.39 y pcre2_compile.c en PCRE2 en versiones anteriores a 10.22 no maneja correctamente patrones que contienen una subcadena (*ACCEPT) en conjunción con paréntesis anidados, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de buffer basado en pila) a través de una expresión regular manipuada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror, también conocido como ZDI-CAN-3542. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PCRE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the compilation of regular expressions. The issue lies in the failure to validate that compilation of sub-groups will occur within the bounds of a fixed-size stack buffer. • http://rhn.redhat.com/errata/RHSA-2016-1025.html http://vcs.pcre.org/pcre2?view=revision&revision=489 http://vcs.pcre.org/pcre?view=revision&revision=1631 http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/84810 https://access.redhat.com/errata/RHSA-2016:1132 https://bto.bluecoat.com/security-advisory/sa128 https://bugs.debian.org/815920 https://bugs.debia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 1CVE-2016-1283 – pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
https://notcve.org/view.php?id=CVE-2016-1283
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(? • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/79825 http://www.securitytracker.com/id/1034555 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110 https://access.redhat.com/errata/RHSA-2016:1132 https://bto.bluecoat.com/security-ad • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 6%CPEs: 2EXPL: 3CVE-2015-8380
https://notcve.org/view.php?id=CVE-2015-8380
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_exec en pcre_exec.c en PCRE en versiones anteriores a 8.38 no maneja correctamente un patrón // con una cadena \01, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de una expresión regular manipulada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup http://www.openwall.com/lists/oss-security/2015/11/29/1 http://www.securityfocus.com/bid/77695 https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html https://bto.bluecoat.com/security-advisory/sa128 https://bugs.exim.org/show_bug.cgi?id=1637 https://security.gentoo.org/glsa/201607-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •