pcre perl-compatible regular expression library vulnerabilities and exploits

(subscribe to this query)

6.4

CVSSv2

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent malicious users to obtain sensitive information or cause a denial of service (crash), ...

Pcre Perl-compatible Regular Expression Library 7.0 Pcre Perl-compatible Regular Expression Library Pcre Perl-compatible Regular Expression Library 7.1 Apple Mac Os X Server 10.4.11 Apple Mac Os X 10.4.11

7.5

CVSSv2

The compile_regex function in pcre_compile.c in PCRE prior to 8.38 and pcre2_compile.c in PCRE2 prior to 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'...

Pcre Perl Compatible Regular Expression Library

6.4

CVSSv2

The match function in pcre_exec.c in PCRE prior to 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote malicious users to obtain sensitive information from process mem...

Pcre Perl Compatible Regular Expression Library 8.36

7.5

CVSSv2

PCRE prior to 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote malicious users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

Pcre Perl Compatible Regular Expression Library Php Php

7.5

CVSSv2

The pcre_exec function in pcre_exec.c in PCRE prior to 8.38 mishandles a // pattern with a \01 string, which allows remote malicious users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demo...

Pcre Perl Compatible Regular Expression Library Fedoraproject Fedora 22

7.5

CVSSv2

PCRE prior to 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote malicious users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegE...

Pcre Perl Compatible Regular Expression Library Fedoraproject Fedora 22 Php Php

7.5

CVSSv2

PCRE prior to 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote malicious users to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp...

Pcre Perl Compatible Regular Expression Library Fedoraproject Fedora 22 Php Php

7.5

CVSSv2

PCRE prior to 8.38 mishandles the [: and \\ substrings in character classes, which allows remote malicious users to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript Re...

Pcre Perl Compatible Regular Expression Library Fedoraproject Fedora 22 Php Php

5

CVSSv2

pcregrep in PCRE prior to 8.38 mishandles the -q option for binary files, which might allow remote malicious users to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

Pcre Perl Compatible Regular Expression Library Fedoraproject Fedora 22 Php Php

Get Started

1 2 3 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook