RSS   Vulnerabilities for 'Pcre2'   RSS

2017-05-04
 
CVE-2017-8786

 
 
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

 
2017-05-01
 
CVE-2017-8399

CWE-119
 
 
PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."

 
2017-03-19
 
CVE-2017-7186

CWE-119
 
 
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

 
2016-12-13
 
CVE-2015-3217

CWE-119
 
 
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

 
 
CVE-2015-3210

CWE-119
 
 
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.

 
2016-03-17
 
CVE-2016-3191

CWE-119
 
 
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

 

 >>> Vendor: PCRE 5 Products
PCRE
Perl-compatible regular expression library
Perl compatible regular expression library
Pcre2
Libpcre

Copyright 2024, cxsecurity.com

 

Back to Top