VYPR

rpm package

suse/pcre&distro=SUSE Linux Enterprise Workstation Extension 12 SP5

pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Vulnerabilities (8)

  • CVE-2022-1586May 16, 2022
    affected < 8.45-8.12.1fixed 8.45-8.12.1

    An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was n

  • CVE-2019-20838Jun 15, 2020
    affected < 8.45-8.7.1fixed 8.45-8.7.1

    libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

  • CVE-2020-14155Jun 15, 2020
    affected < 8.45-8.7.1fixed 8.45-8.7.1

    libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

  • CVE-2017-7246HigMar 23, 2017
    affected < 8.45-8.7.1fixed 8.45-8.7.1

    Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-7245HigMar 23, 2017
    affected < 8.45-8.7.1fixed 8.45-8.7.1

    Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-7244MedMar 23, 2017
    affected < 8.45-8.7.1fixed 8.45-8.7.1

    The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.

  • CVE-2017-7186HigMar 20, 2017
    affected < 8.45-8.7.1fixed 8.45-8.7.1

    libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

  • CVE-2017-6004HigFeb 16, 2017
    affected < 8.45-8.7.1fixed 8.45-8.7.1

    The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.