rpm package

suse/pcre&distro=SUSE Linux Enterprise Software Development Kit 12 SP1

pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Vulnerabilities (25)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2015-2325		—	< 8.39-5.1	8.39-5.1	Jan 14, 2020	The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward refere
CVE-2015-5073	Cri	9.1	< 8.39-5.1	8.39-5.1	Dec 13, 2016	Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular
CVE-2015-3217	Hig	7.5	< 8.39-5.1	8.39-5.1	Dec 13, 2016	PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.\|([^\\\\W_])?)+)+$/.
CVE-2015-3210	Cri	9.8	< 8.39-5.1	8.39-5.1	Dec 13, 2016	Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?Pc)(?Pa(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
CVE-2016-3191	Cri	9.8	< 8.39-5.1	8.39-5.1	Mar 17, 2016	The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial
CVE-2016-1283	Cri	9.8	< 8.39-5.1	8.39-5.1	Jan 3, 2016	The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99\|(:(?\|(?'R')(\k'R')\|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attack
CVE-2015-8395		—	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-20
CVE-2015-8394	Cri	9.8	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encou
CVE-2015-8393	Hig	7.5	< 8.39-5.1	8.39-5.1	Dec 2, 2015	pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
CVE-2015-8392		—	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles certain instances of the (?\| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript Re
CVE-2015-8391	Cri	9.8	< 8.39-5.1	8.39-5.1	Dec 2, 2015	The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript
CVE-2015-8390	Cri	9.8	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp obj
CVE-2015-8389	Cri	9.8	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles the /(?:\|a\|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object
CVE-2015-8388		—	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles the /(?=di(?<=(?1))\|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression,
CVE-2015-8387	Hig	7.3	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp objec
CVE-2015-8386	Cri	9.8	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a J
CVE-2015-8385		—	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles the /(?\|(\k'Pm')\|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonst
CVE-2015-8384		—	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as
CVE-2015-8383	Cri	9.8	< 8.39-5.1	8.39-5.1	Dec 2, 2015	PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by K
CVE-2015-8382		—	< 8.39-5.1	8.39-5.1	Dec 2, 2015	The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))\|(((?:(?:(?:(?:abc\|(?:abcdef))))b)abcdefghi)abc)\|((ACCEPT)))/ pattern and related patterns involving (ACCEPT), which allows remote attackers to obtain sensitive information from process memory or c

CVE-2015-2325Jan 14, 2020
affected < 8.39-5.1fixed 8.39-5.1
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward refere
CVE-2015-5073CriDec 13, 2016
affected < 8.39-5.1fixed 8.39-5.1
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular
CVE-2015-3217HigDec 13, 2016
affected < 8.39-5.1fixed 8.39-5.1
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
CVE-2015-3210CriDec 13, 2016
affected < 8.39-5.1fixed 8.39-5.1
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?Pc)(?Pa(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
CVE-2016-3191CriMar 17, 2016
affected < 8.39-5.1fixed 8.39-5.1
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial
CVE-2016-1283CriJan 3, 2016
affected < 8.39-5.1fixed 8.39-5.1
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attack
CVE-2015-8395Dec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-20
CVE-2015-8394CriDec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encou
CVE-2015-8393HigDec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
CVE-2015-8392Dec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript Re
CVE-2015-8391CriDec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript
CVE-2015-8390CriDec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp obj
CVE-2015-8389CriDec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object
CVE-2015-8388Dec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression,
CVE-2015-8387HigDec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp objec
CVE-2015-8386CriDec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a J
CVE-2015-8385Dec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonst
CVE-2015-8384Dec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as
CVE-2015-8383CriDec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by K
CVE-2015-8382Dec 2, 2015
affected < 8.39-5.1fixed 8.39-5.1
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or c

Page 1 of 2