VulnerableCode Package Details - pkg:deb/ubuntu/pcre2@10.20-3

Search for packages

Package details: pkg:deb/ubuntu/pcre2@10.20-3

Essentials
History (0)

purl	pkg:deb/ubuntu/pcre2@10.20-3

Next non-vulnerable version	10.34-7
Latest non-vulnerable version	10.34-7
Risk	4.4

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-bktm-pb4k-aaap Aliases: CVE-2017-8399	Improper Restriction of Operations within the Bounds of a Memory Buffer PCRE2 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."	10.31-2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hyp6-74p8-aaap Aliases: CVE-2017-7186	libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.	10.32-4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jcnx-yyhm-aaab Aliases: CVE-2019-20454	Out-of-bounds Read An out-of-bounds read was discovered in PCRE when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.	10.34-7 Affected by 0 other vulnerabilities.
VCID-ptm9-5wpw-aaaf Aliases: CVE-2017-8786	Improper Restriction of Operations within the Bounds of a Memory Buffer pcre2test.c in PCRE2 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.	10.32-4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-zghf-77cd-aaaj Aliases: CVE-2016-3191	The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.	10.31-2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-5xnd-yme2-aaas	The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?\|(:(?\|(?'R')(\k'R')\|((?'R')))H'Rk'Rf)\|s(?'R'))))/ and /(?J:(?\|(:(?\|(?'R')(\z(?\|(?'R')(\k'R')\|((?'R')))k'R')\|((?'R')))H'Ak'Rf)\|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.	CVE-2015-8381

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version