The compile_branch function in pcre_compile.c in PCRE 8.x prior to 8.39 and pcre2_compile.c in PCRE2 prior to 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote malicious users to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
Vulnerable Product |
---|
pcre pcre 8.38 |
pcre pcre 8.31 |
pcre pcre 8.30 |
pcre pcre 8.01 |
pcre pcre 8.00 |
pcre pcre 8.35 |
pcre pcre 8.34 |
pcre pcre 8.13 |
pcre pcre 8.12 |
pcre pcre 8.33 |
pcre pcre 8.32 |
pcre pcre 8.11 |
pcre pcre 8.10 |
pcre pcre 8.02 |
pcre pcre 8.37 |
pcre pcre 8.36 |
pcre pcre 8.21 |
pcre pcre 8.20 |
pcre pcre2 |