CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 3CVE-2015-8380 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8380
02 Dec 2015 — The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_exec en pcre_exec.c en PCRE en versiones anteriores a 8.38 no maneja correctamente un patrón // con una cadena \01, lo que permite a atacantes remotos causar u... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 3CVE-2015-8381 – pcre: Buffer overflow caused by duplicate named references (8.38/36)
https://notcve.org/view.php?id=CVE-2015-8381
02 Dec 2015 — The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?' • http://rhn.redhat.com/errata/RHSA-2016-2750.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 2CVE-2015-8382 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8382
02 Dec 2015 — The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(? • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c351b47ce85a3a147cfa801fa9f0149ab4160834 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8384 – pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
https://notcve.org/view.php?id=CVE-2015-8384
02 Dec 2015 — PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. PCRE en versiones anteriores a 8.38 no maneja correctamente el patrón /(? • http://rhn.redhat.com/errata/RHSA-2016-2750.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 0CVE-2015-8385 – pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)
https://notcve.org/view.php?id=CVE-2015-8385
02 Dec 2015 — PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente el patrón /(?|(\k'Pm')|(?' • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2015-8388 – pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
https://notcve.org/view.php?id=CVE-2015-8388
02 Dec 2015 — PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-185: Incorrect Regular Expression •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2015-8392 – pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)
https://notcve.org/view.php?id=CVE-2015-8392
02 Dec 2015 — PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. PCRE en versiones anteriores a 8.38 no maneja correctamente ciertas instancias de la subcadena (?| , lo que permite a atacantes remotos causar... • http://rhn.redhat.com/errata/RHSA-2016-2750.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2015-8395 – pcre: Buffer overflow caused by duplicate named references (8.38/36)
https://notcve.org/view.php?id=CVE-2015-8395
02 Dec 2015 — PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. PCRE en versiones anteriores a 8.38 no maneja correctamente ciertas referencias, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a tra... • http://rhn.redhat.com/errata/RHSA-2016-2750.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 2CVE-2015-2327 – pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)
https://notcve.org/view.php?id=CVE-2015-2327
02 Dec 2015 — PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.36 no maneja correctamente el patrón /(((a\2)|(a*)\g<-1>))*/ y patrones relacionados con ciertas referencias hacia at... • http://rhn.redhat.com/errata/RHSA-2016-2750.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2015-8383 – pcre: Buffer overflow caused by repeated conditional group (8.38/3)
https://notcve.org/view.php?id=CVE-2015-8383
02 Dec 2015 — PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente ciertos grupos condicionales repetidos, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •