Page 7 of 34 results (0.008 seconds)

CVSS: 5.0EPSS: 4%CPEs: 3EXPL: 0

Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.3 no computa adecuadamente la longitud de (1) una secuencia \p, (2) una secuencia \P, o (3) una secuencia \P{x}, lo cual permite a atacantes dependientes de contexto provocar una denegación de servicio (bucle infinito o caída) o ejecutar código de su elección. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 h •

CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 0

Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.3 lee más allá del final de una cadena cuando busca corchetes no coincidentes y paréntesis, lo cual permite a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída), posiblemente involucrando referencias hacia delante. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 h •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://scary.beasts.org/security/CESA-2007-006.html http://secunia.com/advisories/27582 http://secunia.com/advisories/27773 http://secunia.com/advisories/27869 http://secunia.com/advisories/28658 http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 http://www.novell.com/linux/security/advisories/2007_62_pcre.html http://www.pcre.org& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://docs.info.apple.com/article.html?artnum=302847 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://marc.info/?l=bugtraq&m=112605112027335&w=2 http://marc.info/?l=bugtraq&m=112606064317223&w=2 http://marc.info/? •