pcre pcre vulnerabilities and exploits

(subscribe to this query)

PCRE 7.8 and 8.32 up to and including 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote malicious users to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

Pcre Pcre2 10.10 Pcre Pcre 7.8 Pcre Pcre 8.32 Pcre Pcre 8.33 Pcre Pcre 8.34 Pcre Pcre 8.35 Pcre Pcre 8.36 Pcre Pcre 8.37 Ibm Powerkvm 2.1 Ibm Powerkvm 3.1

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) prior to 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows malicious users to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-base...

Pcre Pcre 5.0 Pcre Pcre 6.0 Pcre Pcre 6.1

Perl-Compatible Regular Expression (PCRE) library prior to 6.7 allows context-dependent malicious users to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character aft...

Perl Pcre 0.91 Perl Pcre 0.92 Perl Pcre 0.93 Perl Pcre 0.94 Perl Pcre 0.95 Perl Pcre 0.96 Perl Pcre 0.97 Perl Pcre 0.98 Perl Pcre 0.99 Perl Pcre 1.00 Perl Pcre 1.01 Perl Pcre 1.02

Perl-Compatible Regular Expression (PCRE) library prior to 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent malicious users to cause a denial of service (crash) via a regular expression with a large number of named subpatterns,...

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.

Perl-Compatible Regular Expression (PCRE) library prior to 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent malicious users to cause a denial of service (crash) and ...

Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library prior to 7.3 allow context-dependent malicious users to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent malicious users to cause a denial of service (infinite loop or crash) or execute ar...

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library prior to 7.3 allows context-dependent malicious users to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent malicious users to cause a denial of service (crash), possibly involving forward references.

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook