Search for packages
| purl | pkg:deb/ubuntu/pcre3@7.4-0ubuntu0.6.10 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1kkg-e79z-aaak
Aliases: CVE-2015-8385 |
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-1t3n-md3q-aaae
Aliases: CVE-2015-2326 |
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". |
Affected by 19 other vulnerabilities. |
|
VCID-36f9-pzhf-aaaa
Aliases: CVE-2015-2325 |
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. |
Affected by 19 other vulnerabilities. |
|
VCID-4kkz-3bys-aaae
Aliases: CVE-2015-8384 |
PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
Affected by 5 other vulnerabilities. |
|
VCID-4u9k-6k81-aaad
Aliases: CVE-2015-8391 |
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-4ywx-z8qm-aaaf
Aliases: CVE-2015-8382 |
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-5xnd-yme2-aaas
Aliases: CVE-2015-8381 |
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 5 other vulnerabilities. |
|
VCID-62pu-ryaf-aaan
Aliases: CVE-2015-8395 |
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
Affected by 5 other vulnerabilities. |
|
VCID-6spw-rdm2-aaan
Aliases: CVE-2017-6004 |
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. |
Affected by 0 other vulnerabilities. |
|
VCID-79bd-twxq-aaaq
Aliases: CVE-2015-8386 |
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-avc8-nem4-aaag
Aliases: CVE-2015-8388 |
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 19 other vulnerabilities. |
|
VCID-ayhy-zhnn-aaah
Aliases: CVE-2015-8380 |
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-d2u4-qxdg-aaae
Aliases: CVE-2015-2328 |
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-d85u-8sx7-aaaf
Aliases: CVE-2015-2327 |
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 19 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-hyp6-74p8-aaap
Aliases: CVE-2017-7186 |
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. |
Affected by 0 other vulnerabilities. |
|
VCID-j3fy-8rbw-aaas
Aliases: CVE-2016-1283 |
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 19 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-n7y2-6mxz-aaae
Aliases: CVE-2015-8393 |
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-p9gz-zwzr-aaac
Aliases: CVE-2015-8387 |
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-pc41-t4ks-aaaf
Aliases: CVE-2017-7244 |
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. |
Affected by 0 other vulnerabilities. |
|
VCID-qgpa-zy9m-aaah
Aliases: CVE-2015-8383 |
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 19 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-qyhs-abea-aaab
Aliases: CVE-2014-8964 |
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. |
Affected by 19 other vulnerabilities. |
|
VCID-rjha-4uew-aaag
Aliases: CVE-2015-5073 |
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. |
Affected by 19 other vulnerabilities. |
|
VCID-tczz-hknf-aaas
Aliases: CVE-2014-9769 |
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
Affected by 19 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-udp2-gywk-aaam
Aliases: CVE-2015-8394 |
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-uw7p-m4cr-aaak
Aliases: CVE-2015-8389 |
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 5 other vulnerabilities. |
|
VCID-v4x8-dwjg-aaar
Aliases: CVE-2015-8392 |
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
Affected by 5 other vulnerabilities. |
|
VCID-wx2q-55wr-aaab
Aliases: CVE-2015-3210 |
Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in PCRE and PCRE2 allows remote attackers to execute arbitrary code via a crafted regular expression. |
Affected by 28 other vulnerabilities. |
|
VCID-xbf7-snf5-aaak
Aliases: CVE-2015-8390 |
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-zghf-77cd-aaaj
Aliases: CVE-2016-3191 |
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
Affected by 12 other vulnerabilities. Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|