High severity7.3NVD Advisory· Published Mar 28, 2016· Updated May 6, 2026

CVE-2014-9769

Description

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.

Affected products

Pcre/Pcre
cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vcs.pcre.org/pcrenvd
www.openwall.com/lists/oss-security/2016/03/26/1nvd
www.securityfocus.com/bid/85570nvd
www.securitytracker.com/id/1035424nvd
bugs.debian.org/819050nvd
redmine.openinfosecfoundation.org/issues/1693nvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000