VYPR

Perl Compatible Regular Expression Library

by Pcre

CVEs (19)

  • CVE-2015-8394CriDec 2, 2015
    risk 0.64cvss 9.8epss 0.05

    PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object…

  • CVE-2015-8390CriDec 2, 2015
    risk 0.64cvss 9.8epss 0.05

    PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp…

  • CVE-2015-8389CriDec 2, 2015
    risk 0.64cvss 9.8epss 0.04

    PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object…

  • CVE-2015-8386CriDec 2, 2015
    risk 0.64cvss 9.8epss 0.07

    PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a…

  • CVE-2015-8383CriDec 2, 2015
    risk 0.64cvss 9.8epss 0.06

    PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by…

  • CVE-2015-8393HigDec 2, 2015
    risk 0.49cvss 7.5epss 0.04

    pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

  • CVE-2015-8387HigDec 2, 2015
    risk 0.48cvss 7.3epss 0.04

    PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp…

  • CVE-2015-8388Dec 2, 2015
    risk 0.01cvss epss 0.07

    PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression,…

  • CVE-2015-8395Dec 2, 2015
    risk 0.00cvss epss 0.04

    PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to…

  • CVE-2015-8392Dec 2, 2015
    risk 0.00cvss epss 0.04

    PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript…

  • CVE-2015-8385Dec 2, 2015
    risk 0.00cvss epss 0.06

    PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as…

  • CVE-2015-8384Dec 2, 2015
    risk 0.00cvss epss 0.03

    PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression,…

  • CVE-2015-8382Dec 2, 2015
    risk 0.00cvss epss 0.04

    The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or…

  • CVE-2015-8381Dec 2, 2015
    risk 0.00cvss epss 0.05

    The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and…

  • CVE-2015-8380Dec 2, 2015
    risk 0.00cvss epss 0.04

    The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as…

  • CVE-2015-2327Dec 2, 2015
    risk 0.00cvss epss 0.04

    PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular…

  • CVE-2006-7225Dec 3, 2007
    risk 0.00cvss epss 0.02

    Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.

  • CVE-2007-1662Nov 7, 2007
    risk 0.00cvss epss 0.03

    Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.

  • CVE-2007-1661Nov 7, 2007
    risk 0.00cvss epss 0.02

    Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as…