Filtered by vendor Pcre Subscriptions
Total 57 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-8392 2 Pcre, Redhat 2 Perl Compatible Regular Expression Library, Rhel Software Collections 2024-11-21 N/A
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
CVE-2015-8391 5 Fedoraproject, Oracle, Pcre and 2 more 12 Fedora, Linux, Pcre and 9 more 2024-11-21 9.8 Critical
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8390 3 Fedoraproject, Pcre, Php 3 Fedora, Perl Compatible Regular Expression Library, Php 2024-11-21 9.8 Critical
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8389 3 Fedoraproject, Pcre, Php 3 Fedora, Perl Compatible Regular Expression Library, Php 2024-11-21 9.8 Critical
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8388 3 Oracle, Pcre, Redhat 4 Linux, Perl Compatible Regular Expression Library, Enterprise Linux and 1 more 2024-11-21 N/A
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8387 3 Fedoraproject, Pcre, Php 3 Fedora, Perl Compatible Regular Expression Library, Php 2024-11-21 7.3 High
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8386 5 Fedoraproject, Oracle, Pcre and 2 more 6 Fedora, Linux, Perl Compatible Regular Expression Library and 3 more 2024-11-21 9.8 Critical
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8385 3 Oracle, Pcre, Redhat 4 Linux, Perl Compatible Regular Expression Library, Enterprise Linux and 1 more 2024-11-21 N/A
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8384 2 Pcre, Redhat 2 Perl Compatible Regular Expression Library, Rhel Software Collections 2024-11-21 N/A
PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
CVE-2015-8383 4 Fedoraproject, Pcre, Php and 1 more 4 Fedora, Perl Compatible Regular Expression Library, Php and 1 more 2024-11-21 9.8 Critical
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8382 1 Pcre 1 Perl Compatible Regular Expression Library 2024-11-21 N/A
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
CVE-2015-8381 2 Pcre, Redhat 2 Perl Compatible Regular Expression Library, Rhel Software Collections 2024-11-21 N/A
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8380 2 Fedoraproject, Pcre 2 Fedora, Perl Compatible Regular Expression Library 2024-11-21 N/A
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-5073 3 Ibm, Pcre, Redhat 4 Powerkvm, Pcre, Enterprise Linux and 1 more 2024-11-21 N/A
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
CVE-2015-3217 3 Ibm, Pcre, Redhat 5 Powerkvm, Pcre, Pcre2 and 2 more 2024-11-21 N/A
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
CVE-2015-3210 2 Pcre, Redhat 3 Pcre, Pcre2, Rhel Software Collections 2024-11-21 9.8 Critical
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
CVE-2015-2328 3 Oracle, Pcre, Redhat 4 Linux, Pcre, Enterprise Linux and 1 more 2024-11-21 N/A
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-2327 2 Pcre, Redhat 3 Perl Compatible Regular Expression Library, Enterprise Linux, Rhel Software Collections 2024-11-21 N/A
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-2326 5 Mariadb, Opensuse, Pcre and 2 more 5 Mariadb, Opensuse, Pcre and 2 more 2024-11-21 5.5 Medium
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
CVE-2015-2325 5 Mariadb, Opensuse, Pcre and 2 more 5 Mariadb, Opensuse, Pcre and 2 more 2024-11-21 7.8 High
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.