VulnerableCode Package Details - pkg:deb/ubuntu/pcre3@2:8.38-3.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-6spw-rdm2-aaan Aliases: CVE-2017-6004	The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.	2:8.39-3 Affected by 0 other vulnerabilities.
VCID-hyp6-74p8-aaap Aliases: CVE-2017-7186	libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.	2:8.39-3 Affected by 0 other vulnerabilities.
VCID-pc41-t4ks-aaaf Aliases: CVE-2017-7244	The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.	2:8.39-3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6spw-rdm2-aaan
Aliases:
CVE-2017-6004

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

2:8.39-3
Affected by 0 other vulnerabilities.

VCID-hyp6-74p8-aaap
Aliases:
CVE-2017-7186

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

2:8.39-3
Affected by 0 other vulnerabilities.

VCID-pc41-t4ks-aaaf
Aliases:
CVE-2017-7244

The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.

2:8.39-3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-j3fy-8rbw-aaas	The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99\|(:(?\|(?'R')(\k'R')\|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.	CVE-2016-1283
VCID-tczz-hknf-aaas	pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.	CVE-2014-9769

Vulnerability

Summary

Aliases

VCID-j3fy-8rbw-aaas

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVE-2016-1283

VCID-tczz-hknf-aaas

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.

CVE-2014-9769

Next non-vulnerable version	2:8.39-3
Latest non-vulnerable version	2:8.39-3
Risk	4.0