VulnerableCode Package Details - pkg:deb/ubuntu/pcre2@10.31-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-hyp6-74p8-aaap Aliases: CVE-2017-7186	libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.	10.32-4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jcnx-yyhm-aaab Aliases: CVE-2019-20454	Out-of-bounds Read An out-of-bounds read was discovered in PCRE when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.	10.34-7 Affected by 0 other vulnerabilities.
VCID-ptm9-5wpw-aaaf Aliases: CVE-2017-8786	Improper Restriction of Operations within the Bounds of a Memory Buffer pcre2test.c in PCRE2 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.	10.32-4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-hyp6-74p8-aaap
Aliases:
CVE-2017-7186

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

10.32-4
Affected by 1 other vulnerability.

VCID-jcnx-yyhm-aaab
Aliases:
CVE-2019-20454

Out-of-bounds Read An out-of-bounds read was discovered in PCRE when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

10.34-7
Affected by 0 other vulnerabilities.

VCID-ptm9-5wpw-aaaf
Aliases:
CVE-2017-8786

Improper Restriction of Operations within the Bounds of a Memory Buffer pcre2test.c in PCRE2 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

10.32-4
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-bktm-pb4k-aaap	Improper Restriction of Operations within the Bounds of a Memory Buffer PCRE2 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."	CVE-2017-8399
VCID-zghf-77cd-aaaj	The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.	CVE-2016-3191

Vulnerability

Summary

Aliases

VCID-bktm-pb4k-aaap

Improper Restriction of Operations within the Bounds of a Memory Buffer PCRE2 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."

CVE-2017-8399

VCID-zghf-77cd-aaaj

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

CVE-2016-3191

Next non-vulnerable version	10.34-7
Latest non-vulnerable version	10.34-7
Risk	4.4