
CVE-2019-20838 – pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
https://notcve.org/view.php?id=CVE-2019-20838
15 Jun 2020 — libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This so... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-125: Out-of-bounds Read

CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
15 Jun 2020 — libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distributi... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-190: Integer Overflow or Wraparound

CVE-2017-7244 – pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)
https://notcve.org/view.php?id=CVE-2017-7244
23 Mar 2017 — The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement ... • http://www.securityfocus.com/bid/97067 • CWE-20: Improper Input Validation • CWE-125: Out-of-bounds Read

CVE-2017-7245 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7245
23 Mar 2017 — Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. ... • http://www.securityfocus.com/bid/97067 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-7246 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7246
23 Mar 2017 — Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. ... • http://www.securityfocus.com/bid/97067 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-7186 – pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)
https://notcve.org/view.php?id=CVE-2017-7186
20 Mar 2017 — libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. It was discovered that PCRE incorrectly handled certa... • http://www.securityfocus.com/bid/97030 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer