Search
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2491 | 1 Pcre | 1 Pcre | 2021-06-06 | 7.5 HIGH | N/A |
| Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. | |||||
| CVE-2011-1951 | 2 Oneidentity, Pcre | 2 Syslog-ng, Pcre | 2020-05-19 | 4.3 MEDIUM | N/A |
| lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression. | |||||
| CVE-2015-2328 | 2 Oracle, Pcre | 2 Linux, Pcre | 2019-12-27 | 7.5 HIGH | N/A |
| PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2007-1659 | 1 Pcre | 1 Pcre | 2018-10-16 | 6.8 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes. | |||||
| CVE-2007-1660 | 1 Pcre | 1 Pcre | 2018-10-16 | 6.8 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. | |||||
| CVE-2007-1662 | 1 Pcre | 1 Pcre | 2018-10-16 | 5.0 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | |||||
| CVE-2006-7228 | 1 Pcre | 1 Pcre | 2018-10-16 | 6.8 MEDIUM | N/A |
| Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | |||||
| CVE-2008-0674 | 1 Pcre | 1 Pcre | 2018-10-15 | 7.5 HIGH | N/A |
| Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. | |||||
| CVE-2007-4766 | 1 Pcre | 1 Pcre | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. | |||||
| CVE-2007-4767 | 1 Pcre | 1 Pcre | 2018-10-15 | 5.0 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. | |||||
| CVE-2007-4768 | 1 Pcre | 1 Pcre | 2018-10-15 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | |||||
| CVE-2008-2371 | 1 Pcre | 1 Pcre | 2018-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. | |||||
| CVE-2006-7230 | 1 Pcre | 1 Pcre | 2017-10-11 | 4.3 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. | |||||
| CVE-2006-7227 | 1 Pcre | 1 Pcre | 2017-10-11 | 6.8 MEDIUM | N/A |
| Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | |||||
| CVE-2005-4872 | 1 Pcre | 1 Pcre | 2017-10-11 | 4.3 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | |||||