CVE-2008-0674
https://notcve.org/view.php?id=CVE-2008-0674
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. Desbordamiento de búfer en PCRE antes de 7.6 permite a atacantes remotos ejecutar código de su elección a través de una expresión regular que contiene un carácter class con un número grande de caracteres con puntos de código Unicode mayores de 255. • http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://pcre.org/changelog.txt http://secunia.com/advisories/28923 http://secunia.com/advisories/28957 http://secuni • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-7225 – pcre miscalculation of memory requirements for malformed Posix character class
https://notcve.org/view.php?id=CVE-2006-7225
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence. La biblioteca Perl-Compatible Regular Expression (PCRE) versiones anteriores a 6.7 permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (error o caída) mediante una expresión regular que involucra "clase de caracter POSIX malformado" como se demuestra con un caracter tras una secuencia [[. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://secunia.com/advisories/28041 http://secunia.com/advisories/28658 http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 http://www.pcre.org/changelog.txt http://www.redhat.com/support/errata/RHSA-2007-1059.html http://www.redhat.com/support/errata/RHSA-2007-1068.html http://www.securityfocus.com/bid/26725 https://bugzilla.red • CWE-20: Improper Input Validation •
CVE-2006-7230 – pcre miscalculation of memory requirements if options are changed during pattern compilation
https://notcve.org/view.php?id=CVE-2006-7230
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.0 no calcula adecuadamente la cantidad de memoria necesaria para un patrón de expresión regular compilada cuando las opciones de UTF-8 (1) -x o (2) -i cambian dentro del patrón, lo cual permite a atacantes remotos dependientes del contexto provocar una denegación de servicio (caída de PCRE o de glibc) mediante una expresión regular manipulada. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/28041 http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://secunia.com/advisories/28658 http://secunia.com/advisories/28714 http://secunia.com/advisories/28720 http://secunia.com/advisories/30106 http://secunia.com/advisories/30155 • CWE-189: Numeric Errors •
CVE-2006-7228 – pcre integer overflow
https://notcve.org/view.php?id=CVE-2006-7228
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. Desbordamiento de entero en librería Perl-Compatible Regular Expression (PCRE) anterior a 6.7 podría permitir a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante una expresión regular que involucra grandes valores (1) min, (2) max, o (3) duplength que provocan un cálculo incorrecto de la longitud y disparan un desbordamiento de búfer, una vulnerabilidad diferente de CVE-2006-7227. NOTA: este problema estaba incluido originalmente en CVE-2006-7224, pero ese CVE ha sido rechazado y dividido. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://lists.vmware.com/pipermail/security-announce/2008/000005.html http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://scary.beasts.org/security/CESA-2007-006.html http://secunia.com/advisories/27582 http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/27776 http://secunia.com/advisories/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2006-7227 – pcre integer overflow
https://notcve.org/view.php?id=CVE-2006-7227
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. Desbordamiento de entero en la librería Perl-Compatible Regular Expression (PCRE) anterior a 6.7 permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante una expresión regular que contiene un gran número de sobpatrones con nombre (name_count) o nombres de subpatrones largos (max_name_size), lo cual dispara un desbordamiento de búfer. NOTA: este problema fue incluido originalmente en CVE-2006-7224, pero ese CVE ha sido rechadazo y dividido. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://scary.beasts.org/security/CESA-2007-006.html http://secunia.com/advisories/27582 http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/27869 http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://secunia.com/advisories/28658 http://secunia.com/advisories/28714 http://secunia • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •