CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-20838 – pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
https://notcve.org/view.php?id=CVE-2019-20838
15 Jun 2020 — libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. libpcre en PCRE versiones anteriores a 8.43, permite una lectura excesiva del búfer del asunto en JIT cuando UTF es deshabilitado, y \X o \R contiene más de un cuantificador corregido, un problema relacionado con CVE-2019-20454 Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This so... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
15 Jun 2020 — libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. libpcre en PCRE versiones anteriores a 8.44, permite un desbordamiento de enteros por medio de un número grande después de una subcadena (?C Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distributi... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-6004 – pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)
https://notcve.org/view.php?id=CVE-2017-6004
16 Feb 2017 — The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. La función compile_bracket_matchingpath en pcre_jit_compile.c en PCRE hasta la versión 8.x en versiones anteriores a la revisión 1680 (por ejemplo, la versión empacada de PHP 7.1.1) permite a atacantes remotos provocar una denegación de se... • http://www.securityfocus.com/bid/96295 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1CVE-2015-3217 – pcre: stack overflow caused by mishandled group empty match (8.38/11)
https://notcve.org/view.php?id=CVE-2015-3217
12 May 2016 — PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9769 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2014-9769
28 Mar 2016 — pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. pcre_jit_compile.c en PCRE 8.35 no utiliza correctamente saltos de tabla para optimizar alternativas anidadas, lo que permite a atacantes rem... • http://vcs.pcre.org/pcre?view=revision&revision=1475 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 19EXPL: 1CVE-2016-3191 – PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3191
17 Mar 2016 — The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. La función compile_branch en pcre_compile.c en PCRE 8.x en versione... • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 2CVE-2015-2328 – pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)
https://notcve.org/view.php?id=CVE-2015-2328
02 Dec 2015 — PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.36 no maneja correctamente el patrón /((?(R)a|(? • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-19: Data Processing Errors CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 9%CPEs: 24EXPL: 0CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)
https://notcve.org/view.php?id=CVE-2015-8391
02 Dec 2015 — The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidación [: , lo que permite a atacantes remotos causar una denegación de servi... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.8EPSS: 6%CPEs: 5EXPL: 1CVE-2015-3210 – pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
https://notcve.org/view.php?id=CVE-2015-3210
03 Aug 2015 — Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(? • http://rhn.redhat.com/errata/RHSA-2016-2750.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 2CVE-2015-5073 – pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
https://notcve.org/view.php?id=CVE-2015-5073
03 Aug 2015 — Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. Desbordamiento de búfer basado en memoria dinámica en la función find_fixedlength en pcre_compile.c en PCRE en versiones anteriores a 8.38 permite a atacantes remotos provocar una deneg... • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •