CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-41409
https://notcve.org/view.php?id=CVE-2022-41409
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. • https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2022-1586 – pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1586
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función compile_xclass_matchingpath() del archivo pcre2_jit_compile.c. Esto implica un problema de coincidencia de propiedades unicode en expresiones regulares compiladas en JIT. • https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ https:&# • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-1587 – pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1587
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función get_recurse_data_length() del archivo pcre2_jit_compile.c. Este problema afecta a las recursiones en expresiones regulares compiladas en JIT causadas por transferencias de datos duplicadas • https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-20454 – pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode
https://notcve.org/view.php?id=CVE-2019-20454
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. Se detectó una lectura fuera de límites en PCRE versiones anteriores a 10.34, cuando el patrón \X es compilado en JIT y usado para hacer coincidir temas especialmente diseñados en modo no UTF. Las aplicaciones que utilizan PCRE para analizar entradas no confiables pueden ser vulnerables a este fallo, lo que permitiría a un atacante bloquear la aplicación. • https://bugs.exim.org/show_bug.cgi?id=2421 https://bugs.php.net/bug.php?id=78338 https://bugzilla.redhat.com/show_bug.cgi?id=1735494 https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI https://security.gentoo.org/glsa/202006-16 https://vcs.pcre.org/pcre2?view=revision&revision=1092 https://access.redhat.com/security/cve/CVE-2019-20454 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2017-8786
https://notcve.org/view.php?id=CVE-2017-8786
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. Pcre2test.c en PCRE2 10.23 permite a atacantes remotos causar una denegación de servicio (desbordamiento de búfer basado en heap) o posiblemente otro impacto no especificado a través de una expresión regular manipulada. • https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c https://bugs.exim.org/show_bug.cgi?id=2079 https://security.gentoo.org/glsa/201710-09 https://vcs.pcre.org/pcre2?view=revision&revision=696 https://vcs.pcre.org/pcre2?view=revision&revision=697 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •