VYPR

Pcre

by Pcre

Source repositories

CVEs (56)

  • CVE-2015-8381Dec 2, 2015
    risk 0.00cvss epss 0.05

    The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and…

  • CVE-2015-8380Dec 2, 2015
    risk 0.00cvss epss 0.04

    The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as…

  • CVE-2015-2328Dec 2, 2015
    risk 0.00cvss epss 0.05

    PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a…

  • CVE-2015-2327Dec 2, 2015
    risk 0.00cvss epss 0.04

    PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular…

  • CVE-2008-0674Feb 18, 2008
    risk 0.00cvss epss 0.06

    Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.

  • CVE-2006-7230Nov 15, 2007
    risk 0.00cvss epss 0.02

    Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a…

  • CVE-2006-7227Nov 14, 2007
    risk 0.00cvss epss 0.04

    Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which…

  • CVE-2006-7228Nov 14, 2007
    risk 0.00cvss epss 0.04

    Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation…

  • CVE-2007-1662Nov 7, 2007
    risk 0.00cvss epss 0.03

    Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.

  • CVE-2007-1660Nov 7, 2007
    risk 0.00cvss epss 0.04

    Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute…

  • CVE-2007-4768Nov 7, 2007
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

  • CVE-2007-1659Nov 7, 2007
    risk 0.00cvss epss 0.04

    Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.

  • CVE-2007-4767Nov 7, 2007
    risk 0.00cvss epss 0.05

    Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary…

  • CVE-2007-4766Nov 7, 2007
    risk 0.00cvss epss 0.04

    Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.

  • CVE-2005-4872Dec 31, 2005
    risk 0.00cvss epss 0.02

    Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which…

  • CVE-2005-2491Aug 23, 2005
    risk 0.00cvss epss 0.04

    Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based…

Page 3 of 3