rpm package
suse/pcre&distro=SUSE Linux Enterprise Server 12 SP4-LTSS
pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1586 | — | < 8.45-8.12.1 | 8.45-8.12.1 | May 16, 2022 | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was n | ||
| CVE-2019-20838 | — | < 8.45-8.7.1 | 8.45-8.7.1 | Jun 15, 2020 | libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | ||
| CVE-2020-14155 | — | < 8.45-8.7.1 | 8.45-8.7.1 | Jun 15, 2020 | libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | ||
| CVE-2017-7246 | Hig | 7.8 | < 8.45-8.7.1 | 8.45-8.7.1 | Mar 23, 2017 | Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. | |
| CVE-2017-7245 | Hig | 7.8 | < 8.45-8.7.1 | 8.45-8.7.1 | Mar 23, 2017 | Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. | |
| CVE-2017-7244 | Med | 5.5 | < 8.45-8.7.1 | 8.45-8.7.1 | Mar 23, 2017 | The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. | |
| CVE-2017-7186 | Hig | 7.5 | < 8.45-8.7.1 | 8.45-8.7.1 | Mar 20, 2017 | libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. | |
| CVE-2017-6004 | Hig | 7.5 | < 8.45-8.7.1 | 8.45-8.7.1 | Feb 16, 2017 | The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. |
- CVE-2022-1586May 16, 2022affected < 8.45-8.12.1fixed 8.45-8.12.1
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was n
- CVE-2019-20838Jun 15, 2020affected < 8.45-8.7.1fixed 8.45-8.7.1
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
- CVE-2020-14155Jun 15, 2020affected < 8.45-8.7.1fixed 8.45-8.7.1
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
- affected < 8.45-8.7.1fixed 8.45-8.7.1
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
- affected < 8.45-8.7.1fixed 8.45-8.7.1
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
- affected < 8.45-8.7.1fixed 8.45-8.7.1
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.
- affected < 8.45-8.7.1fixed 8.45-8.7.1
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
- affected < 8.45-8.7.1fixed 8.45-8.7.1
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.