CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2015-8394
https://notcve.org/view.php?id=CVE-2015-8394
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente las condiciones (?() y (? • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup http://www.openwall.com/lists/oss-security/2015/11/29/1 http://www.securityfocus.com/bid/82990 https://bto.bluecoat.com/security-advisory/sa128 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 https://security.gentoo.org/glsa/201607-02 https://security.netapp.com/advisory/ntap-20230216-0002 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.4EPSS: 4%CPEs: 5EXPL: 0CVE-2007-1661
https://notcve.org/view.php?id=CVE-2007-1661
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.3 vuelve demasiado atrás cuando compara determinados bytes de entrada con algunos patrones de expresiones regulares en modo no-UTF-8, lo cual permite a atacantes locales o remotos (dependiendo del contexto) obtener información sensible o provocar una denegación de servicio (caída), como se ha demostrado mediante los patrones "\X?\d" y "\P{L}? • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 h •