CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2008-2371
https://notcve.org/view.php?id=CVE-2008-2371
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. Desbordamiento de búfer basado en montículo en pcre_compile.c en la biblioteca Perl-Compatible Regular Expression (PCRE) 7.7, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o la posibilidad de ejecutar código de su elección a través de expresiones regulares que comienzan con un opción y contienen múltiples ramas. • http://bugs.gentoo.org/show_bug.cgi?id=228091 http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/30916& • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 65%CPEs: 1EXPL: 0CVE-2008-0674
https://notcve.org/view.php?id=CVE-2008-0674
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. Desbordamiento de búfer en PCRE antes de 7.6 permite a atacantes remotos ejecutar código de su elección a través de una expresión regular que contiene un carácter class con un número grande de caracteres con puntos de código Unicode mayores de 255. • http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://pcre.org/changelog.txt http://secunia.com/advisories/28923 http://secunia.com/advisories/28957 http://secuni • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 3%CPEs: 52EXPL: 0CVE-2006-7225 – pcre miscalculation of memory requirements for malformed Posix character class
https://notcve.org/view.php?id=CVE-2006-7225
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence. La biblioteca Perl-Compatible Regular Expression (PCRE) versiones anteriores a 6.7 permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (error o caída) mediante una expresión regular que involucra "clase de caracter POSIX malformado" como se demuestra con un caracter tras una secuencia [[. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://secunia.com/advisories/28041 http://secunia.com/advisories/28658 http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 http://www.pcre.org/changelog.txt http://www.redhat.com/support/errata/RHSA-2007-1059.html http://www.redhat.com/support/errata/RHSA-2007-1068.html http://www.securityfocus.com/bid/26725 https://bugzilla.red • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 0CVE-2006-7230 – pcre miscalculation of memory requirements if options are changed during pattern compilation
https://notcve.org/view.php?id=CVE-2006-7230
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.0 no calcula adecuadamente la cantidad de memoria necesaria para un patrón de expresión regular compilada cuando las opciones de UTF-8 (1) -x o (2) -i cambian dentro del patrón, lo cual permite a atacantes remotos dependientes del contexto provocar una denegación de servicio (caída de PCRE o de glibc) mediante una expresión regular manipulada. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/28041 http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://secunia.com/advisories/28658 http://secunia.com/advisories/28714 http://secunia.com/advisories/28720 http://secunia.com/advisories/30106 http://secunia.com/advisories/30155 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2006-7228 – pcre integer overflow
https://notcve.org/view.php?id=CVE-2006-7228
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. Desbordamiento de entero en librería Perl-Compatible Regular Expression (PCRE) anterior a 6.7 podría permitir a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante una expresión regular que involucra grandes valores (1) min, (2) max, o (3) duplength que provocan un cálculo incorrecto de la longitud y disparan un desbordamiento de búfer, una vulnerabilidad diferente de CVE-2006-7227. NOTA: este problema estaba incluido originalmente en CVE-2006-7224, pero ese CVE ha sido rechazado y dividido. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://lists.vmware.com/pipermail/security-announce/2008/000005.html http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://scary.beasts.org/security/CESA-2007-006.html http://secunia.com/advisories/27582 http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/27776 http://secunia.com/advisories/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •