CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-41409
https://notcve.org/view.php?id=CVE-2022-41409
18 Jul 2023 — Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. • https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-1587 – pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1587
16 May 2022 — An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función get_recurse_data_length() del archivo pcre2_jit_compile.c. Este problema afecta a las recursiones en expresiones regulares compiladas en JIT causadas por transfere... • https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2022-1586 – pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1586
16 May 2022 — An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función compile_xclass_matchingpath() del archivo pcre2_jit_compile.c. Esto implica un probl... • https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-20838 – pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
https://notcve.org/view.php?id=CVE-2019-20838
15 Jun 2020 — libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. libpcre en PCRE versiones anteriores a 8.43, permite una lectura excesiva del búfer del asunto en JIT cuando UTF es deshabilitado, y \X o \R contiene más de un cuantificador corregido, un problema relacionado con CVE-2019-20454 Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This so... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
15 Jun 2020 — libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. libpcre en PCRE versiones anteriores a 8.44, permite un desbordamiento de enteros por medio de un número grande después de una subcadena (?C Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distributi... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-20454 – pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
https://notcve.org/view.php?id=CVE-2019-20454
14 Feb 2020 — An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. Se detectó una lectura fuera de límites en PCRE versiones anteriores a 10.34, cuando el patrón \X es compilado en JIT y usado para hacer coincidir temas esp... • https://bugs.exim.org/show_bug.cgi?id=2421 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2017-16231 – PCRE 8.41 Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-16231
21 Dec 2018 — In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used ** EN DISPUTA ** En PCRE 8.41, tras la compilación, una prueba de concepto de carga pcrtest produce un desbordamiento de cierre en la función match() en pcre_exec.c debido a una llamada autorecursiva. NOTA: los... • https://packetstorm.news/files/id/150897 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11164
https://notcve.org/view.php?id=CVE-2017-11164
11 Jul 2017 — In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. En PCRE versión 8.41, la función OP_KETRMAX en la función de coincidencia en el archivo pcre_exec.c permite el agotamiento de la pila (recursión no controlada) cuando se procesa una expresión regular creada. • http://openwall.com/lists/oss-security/2017/07/11/3 • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2017-8786 – Gentoo Linux Security Advisory 201710-09
https://notcve.org/view.php?id=CVE-2017-8786
05 May 2017 — pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. Pcre2test.c en PCRE2 10.23 permite a atacantes remotos causar una denegación de servicio (desbordamiento de búfer basado en heap) o posiblemente otro impacto no especificado a través de una expresión regular manipulada. Multiple vulnerabilities have been found in PCRE2, the worst of which may allow remote attackers to execute... • https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-8399 – Gentoo Linux Security Advisory 201710-09
https://notcve.org/view.php?id=CVE-2017-8399
01 May 2017 — PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." PCRE2 en versiones anteriores a la 10.30 tiene una escritura fuera de límites provocada por un desbordamiento de búfer basado en pila en pcre2_match.c. Esto está relacionado con un "pattern with very many captures". Multiple vulnerabilities have been found in PCRE2, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 1... • http://www.securityfocus.com/bid/98315 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •