rpm package
suse/pcre&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8381 | — | < 8.39-5.1 | 8.39-5.1 | Dec 2, 2015 | The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and | ||
| CVE-2015-8380 | — | < 8.39-5.1 | 8.39-5.1 | Dec 2, 2015 | The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated | ||
| CVE-2015-2328 | — | < 8.39-5.1 | 8.39-5.1 | Dec 2, 2015 | PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a | ||
| CVE-2015-2327 | — | < 8.39-5.1 | 8.39-5.1 | Dec 2, 2015 | PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular ex | ||
| CVE-2014-8964 | — | < 8.39-5.1 | 8.39-5.1 | Dec 16, 2014 | Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. |
- CVE-2015-8381Dec 2, 2015affected < 8.39-5.1fixed 8.39-5.1
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and
- CVE-2015-8380Dec 2, 2015affected < 8.39-5.1fixed 8.39-5.1
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated
- CVE-2015-2328Dec 2, 2015affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a
- CVE-2015-2327Dec 2, 2015affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular ex
- CVE-2014-8964Dec 16, 2014affected < 8.39-5.1fixed 8.39-5.1
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
Page 2 of 2