pcre pcre 8.37 vulnerabilities and exploits

(subscribe to this query)

5

CVSSv2

PCRE 7.8 and 8.32 up to and including 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote malicious users to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

Pcre Pcre2 10.10 Pcre Pcre 8.33 Pcre Pcre 8.34 Pcre Pcre 8.32 Pcre Pcre 8.37 Pcre Pcre 7.8 Pcre Pcre 8.35 Pcre Pcre 8.36 Ibm Powerkvm 3.1 Ibm Powerkvm 2.1

6.8

CVSSv2

The compile_branch function in PCRE prior to 8.37 allows context-dependent malicious users to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forwar...

Pcre Pcre Opensuse Opensuse 13.1 Opensuse Opensuse 13.2 Mariadb Mariadb Php Php

4.3

CVSSv2

The pcre_compile2 function in PCRE prior to 8.37 allows context-dependent malicious users to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back re...

Pcre Pcre Opensuse Opensuse 13.1 Opensuse Opensuse 13.2 Mariadb Mariadb Php Php

6.4

CVSSv2

The match function in pcre_exec.c in PCRE prior to 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote malicious users to obtain sensitive information from process mem...

Pcre Perl Compatible Regular Expression Library 8.36

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook