CVE-2019-20838 – pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
https://notcve.org/view.php?id=CVE-2019-20838
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. libpcre en PCRE versiones anteriores a 8.43, permite una lectura excesiva del búfer del asunto en JIT cuando UTF es deshabilitado, y \X o \R contiene más de un cuantificador corregido, un problema relacionado con CVE-2019-20454 • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2021/Feb/14 https://bugs.gentoo.org/717920 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://support.apple.com/kb/HT211931 https://support.apple.com/kb/HT212147 https://www.pcre.org/original/changelog.txt https://access.redhat.com/security/cve/CVE-2019-20838 https://bugzilla.redhat.com/show_bug.cgi?id=1848444 • CWE-125: Out-of-bounds Read •
CVE-2020-14155 – pcre: Integer overflow when parsing callout numeric arguments
https://notcve.org/view.php?id=CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. libpcre en PCRE versiones anteriores a 8.44, permite un desbordamiento de enteros por medio de un número grande después de una subcadena (?C • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2021/Feb/14 https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release https://bugs.gentoo.org/717920 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://security.netapp.com/advisory/ntap-20221028-0010 https://support.apple.com/kb/HT211931 https://support.apple.com/kb/HT212147 https://www.oracle.com/security-alerts/cp • CWE-190: Integer Overflow or Wraparound •
CVE-2017-7245 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7245
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. Desbordamiento de búfer basado en la pila en la función pcre32_copy_substring en pcre_get.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegación de servicio (WRITE de tamaño 4) o posiblemente tener otro impacto no especificado a través de un archivo manipulado. • http://www.securityfocus.com/bid/97067 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c https://security.gentoo.org/glsa/201710-25 https://access.redhat.com/security/cve/CVE-2017-7245 https://bugzilla.redhat.com/show_bug.cgi?id=1437367 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-7244 – pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)
https://notcve.org/view.php?id=CVE-2017-7244
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. La función _pcre32_xclass en pcre_xclass.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida) a través de un archivo manipulado. • http://www.securityfocus.com/bid/97067 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c https://security.gentoo.org/glsa/201710-25 https://access.redhat.com/security/cve/CVE-2017-7244 https://bugzilla.redhat.com/show_bug.cgi?id=1437364 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2017-7246 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7246
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. Desbordamiento de búfer basado en pila en la función pcre32_copy_substring en pcre_get.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegación de servicio (WRITE de tamaño 268) o posiblemente tener otro impacto no especificado a través de un archivo manipulado. • http://www.securityfocus.com/bid/97067 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c https://security.gentoo.org/glsa/201710-25 https://access.redhat.com/security/cve/CVE-2017-7246 https://bugzilla.redhat.com/show_bug.cgi?id=1437369 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •