VulnerableCode Package Details - pkg:deb/debian/pcre2@2.08-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-hvre-wgyt-23dz Aliases: CVE-2017-8786	Improper Restriction of Operations within the Bounds of a Memory Buffer pcre2test.c in PCRE2 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.	10.32-5 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-n3na-8bf2-r3gv Aliases: CVE-2022-1587	Out-of-bounds Read An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.	10.36-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-nhna-bk28-t3ex Aliases: CVE-2022-1586	Out-of-bounds Read An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.	10.36-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-sqxs-v4xg-5kd8 Aliases: CVE-2019-20454	A vulnerability in PCRE2 could lead to a Denial of Service condition.	10.36-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-udse-25e2-vfeb Aliases: CVE-2016-3191	Improper Restriction of Operations within the Bounds of a Memory Buffer The compile_branch function in pcre_compile.c in PCRE and pcre2_compile.c in PCRE2 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.	10.22-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ywee-ghvk-pubu Aliases: CVE-2017-7186	Improper Restriction of Operations within the Bounds of a Memory Buffer libpcre1 in PCRE and libpcre2 in PCRE2 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.	10.22-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-hvre-wgyt-23dz
Aliases:
CVE-2017-8786

Improper Restriction of Operations within the Bounds of a Memory Buffer pcre2test.c in PCRE2 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

10.32-5
Affected by 3 other vulnerabilities.

VCID-n3na-8bf2-r3gv
Aliases:
CVE-2022-1587

Out-of-bounds Read An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

10.36-2+deb11u1
Affected by 1 other vulnerability.

VCID-nhna-bk28-t3ex
Aliases:
CVE-2022-1586

Out-of-bounds Read An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

10.36-2+deb11u1
Affected by 1 other vulnerability.

VCID-sqxs-v4xg-5kd8
Aliases:
CVE-2019-20454

A vulnerability in PCRE2 could lead to a Denial of Service condition.

10.36-2+deb11u1
Affected by 1 other vulnerability.

VCID-udse-25e2-vfeb
Aliases:
CVE-2016-3191

Improper Restriction of Operations within the Bounds of a Memory Buffer The compile_branch function in pcre_compile.c in PCRE and pcre2_compile.c in PCRE2 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

10.22-3
Affected by 4 other vulnerabilities.

VCID-ywee-ghvk-pubu
Aliases:
CVE-2017-7186

Improper Restriction of Operations within the Bounds of a Memory Buffer libpcre1 in PCRE and libpcre2 in PCRE2 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

10.22-3
Affected by 4 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T23:26:42.043567+00:00	Debian Oval Importer	Affected by	VCID-sqxs-v4xg-5kd8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:05:32.252572+00:00	Debian Oval Importer	Affected by	VCID-hvre-wgyt-23dz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:45:35.821211+00:00	Debian Oval Importer	Affected by	VCID-udse-25e2-vfeb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:28:14.160432+00:00	Debian Oval Importer	Affected by	VCID-ywee-ghvk-pubu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:19:45.052625+00:00	Debian Oval Importer	Affected by	VCID-nhna-bk28-t3ex	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:04:37.354324+00:00	Debian Oval Importer	Affected by	VCID-n3na-8bf2-r3gv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T23:02:05.205783+00:00	Debian Oval Importer	Affected by	VCID-sqxs-v4xg-5kd8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T22:41:37.495968+00:00	Debian Oval Importer	Affected by	VCID-hvre-wgyt-23dz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:26:32.590445+00:00	Debian Oval Importer	Affected by	VCID-udse-25e2-vfeb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:11:12.353902+00:00	Debian Oval Importer	Affected by	VCID-ywee-ghvk-pubu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:03:04.535828+00:00	Debian Oval Importer	Affected by	VCID-nhna-bk28-t3ex	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:51:08.289412+00:00	Debian Oval Importer	Affected by	VCID-n3na-8bf2-r3gv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T22:36:00.451688+00:00	Debian Oval Importer	Affected by	VCID-sqxs-v4xg-5kd8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:16:41.778970+00:00	Debian Oval Importer	Affected by	VCID-hvre-wgyt-23dz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:07:01.484555+00:00	Debian Oval Importer	Affected by	VCID-udse-25e2-vfeb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:55:16.735783+00:00	Debian Oval Importer	Affected by	VCID-ywee-ghvk-pubu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:47:30.256550+00:00	Debian Oval Importer	Affected by	VCID-nhna-bk28-t3ex	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:41:11.052061+00:00	Debian Oval Importer	Affected by	VCID-n3na-8bf2-r3gv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0