Pcre

pcre

Vendor: Pcre • 33 CVEs

CVEs (33)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-14155 6Apple GitlabNetapp+3 more 15Active Iq Unified Manager Cloud BackupClustered Data Ontap+12 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2019-20838 3Apple PcreSplunk 3Macos PcreUniversal Forwarder Nov 21, 2024 Jun 15, 2020 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
CVE-2015-2326 4Mariadb OpensusePcre+1 more 4Mariadb OpensusePcre+1 more Nov 21, 2024 Jan 14, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward...Show more The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".Show less
CVE-2015-2325 4Mariadb OpensusePcre+1 more 4Mariadb OpensusePcre+1 more Nov 21, 2024 Jan 14, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a...Show more The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.Show less
CVE-2017-16231 1Pcre 1Pcre Nov 21, 2024 Mar 21, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting...Show more In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is usedShow less
CVE-2017-11164 1Pcre 1Pcre May 13, 2026 Jul 11, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
CVE-2017-7246 1Pcre 1Pcre May 13, 2026 Mar 23, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact...Show more Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-7245 1Pcre 1Pcre May 13, 2026 Mar 23, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact vi...Show more Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-7244 1Pcre 1Pcre May 13, 2026 Mar 23, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.
CVE-2017-7186 1Pcre 2Pcre Pcre2 May 13, 2026 Mar 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
CVE-2017-6004 1Pcre 1Pcre May 13, 2026 Feb 16, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and...Show more The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.Show less
CVE-2015-5073 2Ibm Pcre 2Pcre Powerkvm May 6, 2026 Dec 13, 2016 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly...Show more Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.Show less
CVE-2015-3217 2Ibm Pcre 3Pcre Pcre2Powerkvm May 6, 2026 Dec 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrat...Show more PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.\|([^\\\\W_])?)+)+$/.Show less
CVE-2015-3210 1Pcre 2Pcre Pcre2 May 6, 2026 Dec 13, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCR...Show more Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.Show less
CVE-2014-9769 1Pcre 1Pcre May 6, 2026 Mar 28, 2016 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other i...Show more pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.Show less
CVE-2016-3191 1Pcre 2Pcre Pcre2 May 6, 2026 Mar 17, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (ACCEPT) substring in conjunction with nested parentheses, which allows r...Show more The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.Show less
CVE-2016-1283 4Fedoraproject OraclePcre+1 more 4Fedora PcrePhp+1 more May 6, 2026 Jan 3, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99\|(:(?\|(?'R')(\k'R')\|((?'R')))H'R'R)(H'R))))))/ pattern and relat...Show more The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99\|(:(?\|(?'R')(\k'R')\|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.Show less
CVE-2015-8391 5Fedoraproject OraclePcre+2 more 10Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+7 more May 6, 2026 Dec 2, 2015 N/A· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a...Show more The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.Show less
CVE-2015-2328 2Oracle Pcre 2Linux Pcre May 6, 2026 Dec 2, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 PCRE before 8.36 mishandles the /((?(R)a\|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other im...Show more PCRE before 8.36 mishandles the /((?(R)a\|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.Show less
CVE-2014-8964 6Fedoraproject MariadbOpensuse+3 more 11Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+8 more May 6, 2026 Dec 16, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero...Show more Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.Show less

12 Next