Vulnerabilites related to pcre - pcre2
cve-2017-8399
Vulnerability from cvelistv5
Published
2017-05-01 18:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201710-09 | vendor-advisory, x_refsource_GENTOO | |
| https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup | x_refsource_CONFIRM | |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783 | x_refsource_MISC | |
| https://vcs.pcre.org/pcre2?view=revision&revision=674 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/98315 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:34:23.032Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201710-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-09", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=674", }, { name: "98315", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98315", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-01T00:00:00", descriptions: [ { lang: "en", value: "PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a \"pattern with very many captures.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-28T16:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-201710-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-09", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783", }, { tags: [ "x_refsource_MISC", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=674", }, { name: "98315", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98315", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-8399", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a \"pattern with very many captures.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201710-09", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-09", }, { name: "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup", refsource: "CONFIRM", url: "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup", }, { name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783", refsource: "MISC", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783", }, { name: "https://vcs.pcre.org/pcre2?view=revision&revision=674", refsource: "MISC", url: "https://vcs.pcre.org/pcre2?view=revision&revision=674", }, { name: "98315", refsource: "BID", url: "http://www.securityfocus.com/bid/98315", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-8399", datePublished: "2017-05-01T18:00:00", dateReserved: "2017-05-01T00:00:00", dateUpdated: "2024-08-05T16:34:23.032Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3217
Vulnerability from cvelistv5
Published
2016-12-13 16:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2016:1132 | vendor-advisory, x_refsource_REDHAT | |
| http://vcs.pcre.org/pcre?view=revision&revision=1566 | x_refsource_CONFIRM | |
| https://bugs.exim.org/show_bug.cgi?id=1638 | x_refsource_CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/06/03/7 | mailing-list, x_refsource_MLIST | |
| http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-1025.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2016-2750.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1228283 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/75018 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:39:31.985Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:1132", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://vcs.pcre.org/pcre?view=revision&revision=1566", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.exim.org/show_bug.cgi?id=1638", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/06/03/7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { name: "RHSA-2016:1025", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { name: "RHSA-2016:2750", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", }, { name: "75018", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/75018", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-06-03T00:00:00", descriptions: [ { lang: "en", value: "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-17T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:1132", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://vcs.pcre.org/pcre?view=revision&revision=1566", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.exim.org/show_bug.cgi?id=1638", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/06/03/7", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { name: "RHSA-2016:1025", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { name: "RHSA-2016:2750", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", }, { name: "75018", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/75018", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-3217", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:1132", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { name: "http://vcs.pcre.org/pcre?view=revision&revision=1566", refsource: "CONFIRM", url: "http://vcs.pcre.org/pcre?view=revision&revision=1566", }, { name: "https://bugs.exim.org/show_bug.cgi?id=1638", refsource: "CONFIRM", url: "https://bugs.exim.org/show_bug.cgi?id=1638", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/06/03/7", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { name: "RHSA-2016:1025", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { name: "RHSA-2016:2750", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", }, { name: "75018", refsource: "BID", url: "http://www.securityfocus.com/bid/75018", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-3217", datePublished: "2016-12-13T16:00:00", dateReserved: "2015-04-10T00:00:00", dateUpdated: "2024-08-06T05:39:31.985Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1586
Vulnerability from cvelistv5
Published
2022-05-16 00:00
Modified
2025-03-06 08:18
Severity ?
EPSS score ?
Summary
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2025-03-06T08:18:54.168Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077976", }, { url: "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a", }, { name: "FEDORA-2022-e56085ba31", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C", }, { tags: [ "x_transferred", ], url: "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C", }, { tags: [ "x_transferred", ], url: "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c", }, { name: "FEDORA-2022-a3edad0ab6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", }, { name: "FEDORA-2022-19f4c34184", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", }, { name: "FEDORA-2022-9c9691d058", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221028-0009/", }, { name: "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, ], cna: { affected: [ { product: "pcre2", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in pcre2-10.40.", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 - Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-16T00:00:00.000Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2022-e56085ba31", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C", }, { url: "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C", }, { url: "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c", }, { name: "FEDORA-2022-a3edad0ab6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", }, { name: "FEDORA-2022-19f4c34184", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", }, { name: "FEDORA-2022-9c9691d058", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", }, { url: "https://security.netapp.com/advisory/ntap-20221028-0009/", }, { name: "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-1586", datePublished: "2022-05-16T00:00:00.000Z", dateReserved: "2022-05-05T00:00:00.000Z", dateUpdated: "2025-03-06T08:18:54.168Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3210
Vulnerability from cvelistv5
Published
2016-12-13 16:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2016:1132 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/74934 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2016-2750.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2015/06/01/7 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2015/12/02/11 | mailing-list, x_refsource_MLIST | |
| https://bugs.exim.org/show_bug.cgi?id=1636 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:39:31.991Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:1132", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { name: "74934", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/74934", }, { name: "RHSA-2016:2750", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { name: "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/06/01/7", }, { name: "[oss-security] 20151202 Re: Heap Overflow in PCRE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/12/02/11", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.exim.org/show_bug.cgi?id=1636", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-29T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:1132", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { name: "74934", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/74934", }, { name: "RHSA-2016:2750", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { name: "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/06/01/7", }, { name: "[oss-security] 20151202 Re: Heap Overflow in PCRE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/12/02/11", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.exim.org/show_bug.cgi?id=1636", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-3210", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:1132", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { name: "74934", refsource: "BID", url: "http://www.securityfocus.com/bid/74934", }, { name: "RHSA-2016:2750", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { name: "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/06/01/7", }, { name: "[oss-security] 20151202 Re: Heap Overflow in PCRE", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/12/02/11", }, { name: "https://bugs.exim.org/show_bug.cgi?id=1636", refsource: "CONFIRM", url: "https://bugs.exim.org/show_bug.cgi?id=1636", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-3210", datePublished: "2016-12-13T16:00:00", dateReserved: "2015-04-10T00:00:00", dateUpdated: "2024-08-06T05:39:31.991Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-7186
Vulnerability from cvelistv5
Published
2017-03-20 00:00
Modified
2024-08-05 15:56
Severity ?
EPSS score ?
Summary
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.exim.org/show_bug.cgi?id=2052 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201710-09 | vendor-advisory, x_refsource_GENTOO | |
| https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date | x_refsource_CONFIRM | |
| https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date | x_refsource_CONFIRM | |
| https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97030 | vdb-entry, x_refsource_BID | |
| https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/ | x_refsource_MISC | |
| https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:2486 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201710-25 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:56:36.034Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.exim.org/show_bug.cgi?id=2052", }, { name: "GLSA-201710-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-09", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date", }, { name: "97030", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97030", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date", }, { name: "RHSA-2018:2486", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { name: "GLSA-201710-25", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-25", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-19T00:00:00", descriptions: [ { lang: "en", value: "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-17T09:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.exim.org/show_bug.cgi?id=2052", }, { name: "GLSA-201710-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-09", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date", }, { name: "97030", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97030", }, { tags: [ "x_refsource_MISC", ], url: "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date", }, { name: "RHSA-2018:2486", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { name: "GLSA-201710-25", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-25", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-7186", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.exim.org/show_bug.cgi?id=2052", refsource: "CONFIRM", url: "https://bugs.exim.org/show_bug.cgi?id=2052", }, { name: "GLSA-201710-09", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-09", }, { name: "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date", refsource: "CONFIRM", url: "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date", }, { name: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date", refsource: "CONFIRM", url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date", }, { name: "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date", refsource: "CONFIRM", url: "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date", }, { name: "97030", refsource: "BID", url: "http://www.securityfocus.com/bid/97030", }, { name: "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", refsource: "MISC", url: "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", }, { name: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date", refsource: "CONFIRM", url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date", }, { name: "RHSA-2018:2486", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { name: "GLSA-201710-25", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-25", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-7186", datePublished: "2017-03-20T00:00:00", dateReserved: "2017-03-19T00:00:00", dateUpdated: "2024-08-05T15:56:36.034Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41409
Vulnerability from cvelistv5
Published
2023-07-18 00:00
Modified
2024-10-28 18:22
Severity ?
EPSS score ?
Summary
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:46.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/PCRE2Project/pcre2/issues/141", }, { tags: [ "x_transferred", ], url: "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41409", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-28T18:22:33.915896Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-28T18:22:42.917Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-18T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/PCRE2Project/pcre2/issues/141", }, { url: "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-41409", datePublished: "2023-07-18T00:00:00", dateReserved: "2022-09-26T00:00:00", dateUpdated: "2024-10-28T18:22:42.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1587
Vulnerability from cvelistv5
Published
2022-05-16 00:00
Modified
2024-08-03 00:10
Severity ?
EPSS score ?
Summary
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:10:03.682Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2022-e56085ba31", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C", }, { tags: [ "x_transferred", ], url: "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0", }, { name: "FEDORA-2022-a3edad0ab6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", }, { name: "FEDORA-2022-19f4c34184", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", }, { name: "FEDORA-2022-9c9691d058", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221028-0009/", }, { name: "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "pcre2", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in pcre2-10.40.", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 - Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-16T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2022-e56085ba31", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C", }, { url: "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0", }, { name: "FEDORA-2022-a3edad0ab6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", }, { name: "FEDORA-2022-19f4c34184", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", }, { name: "FEDORA-2022-9c9691d058", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", }, { url: "https://security.netapp.com/advisory/ntap-20221028-0009/", }, { name: "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-1587", datePublished: "2022-05-16T00:00:00", dateReserved: "2022-05-05T00:00:00", dateUpdated: "2024-08-03T00:10:03.682Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3191
Vulnerability from cvelistv5
Published
2016-03-17 23:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/84810 | vdb-entry, x_refsource_BID | |
| http://vcs.pcre.org/pcre2?view=revision&revision=489 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2016:1132 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-1025.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugs.debian.org/815921 | x_refsource_CONFIRM | |
| https://bugs.debian.org/815920 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1311503 | x_refsource_CONFIRM | |
| https://bugs.exim.org/show_bug.cgi?id=1791 | x_refsource_CONFIRM | |
| https://www.tenable.com/security/tns-2016-18 | x_refsource_CONFIRM | |
| https://bto.bluecoat.com/security-advisory/sa128 | x_refsource_CONFIRM | |
| http://vcs.pcre.org/pcre?view=revision&revision=1631 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:58.389Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "84810", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84810", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://vcs.pcre.org/pcre2?view=revision&revision=489", }, { name: "RHSA-2016:1132", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { name: "RHSA-2016:1025", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.debian.org/815921", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.debian.org/815920", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.exim.org/show_bug.cgi?id=1791", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-18", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa128", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://vcs.pcre.org/pcre?view=revision&revision=1631", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-09T00:00:00", descriptions: [ { lang: "en", value: "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", shortName: "debian", }, references: [ { name: "84810", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84810", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://vcs.pcre.org/pcre2?view=revision&revision=489", }, { name: "RHSA-2016:1132", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { name: "RHSA-2016:1025", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.debian.org/815921", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.debian.org/815920", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.exim.org/show_bug.cgi?id=1791", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2016-18", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bto.bluecoat.com/security-advisory/sa128", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://vcs.pcre.org/pcre?view=revision&revision=1631", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@debian.org", ID: "CVE-2016-3191", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "84810", refsource: "BID", url: "http://www.securityfocus.com/bid/84810", }, { name: "http://vcs.pcre.org/pcre2?view=revision&revision=489", refsource: "CONFIRM", url: "http://vcs.pcre.org/pcre2?view=revision&revision=489", }, { name: "RHSA-2016:1132", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { name: "RHSA-2016:1025", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { name: "https://bugs.debian.org/815921", refsource: "CONFIRM", url: "https://bugs.debian.org/815921", }, { name: "https://bugs.debian.org/815920", refsource: "CONFIRM", url: "https://bugs.debian.org/815920", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", }, { name: "https://bugs.exim.org/show_bug.cgi?id=1791", refsource: "CONFIRM", url: "https://bugs.exim.org/show_bug.cgi?id=1791", }, { name: "https://www.tenable.com/security/tns-2016-18", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2016-18", }, { name: "https://bto.bluecoat.com/security-advisory/sa128", refsource: "CONFIRM", url: "https://bto.bluecoat.com/security-advisory/sa128", }, { name: "http://vcs.pcre.org/pcre?view=revision&revision=1631", refsource: "CONFIRM", url: "http://vcs.pcre.org/pcre?view=revision&revision=1631", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", assignerShortName: "debian", cveId: "CVE-2016-3191", datePublished: "2016-03-17T23:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:47:58.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-8786
Vulnerability from cvelistv5
Published
2017-05-05 00:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201710-09 | vendor-advisory, x_refsource_GENTOO | |
| https://vcs.pcre.org/pcre2?view=revision&revision=697 | x_refsource_MISC | |
| https://vcs.pcre.org/pcre2?view=revision&revision=696 | x_refsource_MISC | |
| https://bugs.exim.org/show_bug.cgi?id=2079 | x_refsource_MISC | |
| https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:48:22.018Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201710-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-09", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=697", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=696", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.exim.org/show_bug.cgi?id=2079", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-04T00:00:00", descriptions: [ { lang: "en", value: "pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-09T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-201710-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-09", }, { tags: [ "x_refsource_MISC", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=697", }, { tags: [ "x_refsource_MISC", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=696", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.exim.org/show_bug.cgi?id=2079", }, { tags: [ "x_refsource_MISC", ], url: "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-8786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201710-09", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-09", }, { name: "https://vcs.pcre.org/pcre2?view=revision&revision=697", refsource: "MISC", url: "https://vcs.pcre.org/pcre2?view=revision&revision=697", }, { name: "https://vcs.pcre.org/pcre2?view=revision&revision=696", refsource: "MISC", url: "https://vcs.pcre.org/pcre2?view=revision&revision=696", }, { name: "https://bugs.exim.org/show_bug.cgi?id=2079", refsource: "MISC", url: "https://bugs.exim.org/show_bug.cgi?id=2079", }, { name: "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/", refsource: "MISC", url: "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-8786", datePublished: "2017-05-05T00:00:00", dateReserved: "2017-05-04T00:00:00", dateUpdated: "2024-08-05T16:48:22.018Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20454
Vulnerability from cvelistv5
Published
2020-02-14 00:00
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.902Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugs.exim.org/show_bug.cgi?id=2421", }, { tags: [ "x_transferred", ], url: "https://bugs.php.net/bug.php?id=78338", }, { tags: [ "x_transferred", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=1092", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735494", }, { name: "GLSA-202006-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-16", }, { name: "FEDORA-2020-b11cf352bd", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/", }, { name: "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-16T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugs.exim.org/show_bug.cgi?id=2421", }, { url: "https://bugs.php.net/bug.php?id=78338", }, { url: "https://vcs.pcre.org/pcre2?view=revision&revision=1092", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735494", }, { name: "GLSA-202006-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202006-16", }, { name: "FEDORA-2020-b11cf352bd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/", }, { name: "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20454", datePublished: "2020-02-14T00:00:00", dateReserved: "2020-02-14T00:00:00", dateUpdated: "2024-08-05T02:39:09.902Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-02-14 14:15
Modified
2024-11-21 04:38
Severity ?
Summary
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre2 | * | |
| fedoraproject | fedora | 31 | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*", matchCriteriaId: "74DDD7EA-B855-4B1E-BFEA-27D65C2483FE", versionEndExcluding: "10.34", versionStartIncluding: "10.31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.", }, { lang: "es", value: "Se detectó una lectura fuera de límites en PCRE versiones anteriores a 10.34, cuando el patrón \\X es compilado en JIT y usado para hacer coincidir temas especialmente diseñados en modo no UTF. Las aplicaciones que utilizan PCRE para analizar entradas no confiables pueden ser vulnerables a este fallo, lo que permitiría a un atacante bloquear la aplicación. El fallo ocurre en la función do_extuni_no_utf en el archivo pcre2_jit_compile.c.", }, ], id: "CVE-2019-20454", lastModified: "2024-11-21T04:38:31.003", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-14T14:15:10.593", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Permissions Required", "Third Party Advisory", ], url: "https://bugs.exim.org/show_bug.cgi?id=2421", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.php.net/bug.php?id=78338", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735494", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-16", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Patch", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=1092", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Permissions Required", "Third Party Advisory", ], url: "https://bugs.exim.org/show_bug.cgi?id=2421", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.php.net/bug.php?id=78338", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=1092", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-16 21:15
Modified
2024-11-21 06:41
Severity ?
Summary
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre2 | * | |
| redhat | enterprise_linux | 9.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| netapp | active_iq_unified_manager | - | |
| netapp | hci_management_node | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | solidfire | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*", matchCriteriaId: "EB329299-E960-45F2-80BA-5B6B9CD346D2", versionEndExcluding: "10.40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función get_recurse_data_length() del archivo pcre2_jit_compile.c. Este problema afecta a las recursiones en expresiones regulares compiladas en JIT causadas por transferencias de datos duplicadas", }, ], id: "CVE-2022-1587", lastModified: "2024-11-21T06:41:01.463", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-16T21:15:07.847", references: [ { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0", }, { source: "secalert@redhat.com", url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221028-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221028-0009/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-16 21:15
Modified
2025-03-25 19:39
Severity ?
Summary
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre2 | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | hci_management_node | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | solidfire | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*", matchCriteriaId: "EB329299-E960-45F2-80BA-5B6B9CD346D2", versionEndExcluding: "10.40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función compile_xclass_matchingpath() del archivo pcre2_jit_compile.c. Esto implica un problema de coincidencia de propiedades unicode en expresiones regulares compiladas en JIT. El problema es producido porque el carácter no ha sido leído completamente en la coincidencia de mayúsculas y minúsculas dentro de JIT", }, ], id: "CVE-2022-1586", lastModified: "2025-03-25T19:39:30.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-16T21:15:07.793", references: [ { source: "secalert@redhat.com", tags: [ "Broken Link", "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221028-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077976", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221028-0009/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-20 00:59
Modified
2025-04-20 01:37
Severity ?
Summary
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre:8.40:*:*:*:*:*:*:*", matchCriteriaId: "6BFAB169-4364-4D71-B0A8-2831D0A4D5F5", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre2:10.23:*:*:*:*:*:*:*", matchCriteriaId: "B80479DA-16D6-47A1-88AF-55B5C821BDEC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", }, { lang: "es", value: "Libpcre1 en PCRE 8.40 y libpcre2 en PCRE2 10.23 permiten a atacantes remotos provocar una denegación de servicio (infracción de segmentación para acceso de lectura y caída de aplicación) al activar una búsqueda de propiedad Unicode no válida.", }, ], id: "CVE-2017-7186", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-20T00:59:00.190", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/97030", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://bugs.exim.org/show_bug.cgi?id=2052", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201710-09", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201710-25", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/97030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugs.exim.org/show_bug.cgi?id=2052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201710-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201710-25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-18 14:15
Modified
2024-11-21 07:23
Severity ?
Summary
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*", matchCriteriaId: "BD82E860-EFC8-4692-8EE8-1514A9184D2B", versionEndExcluding: "10.41", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", }, ], id: "CVE-2022-41409", lastModified: "2024-11-21T07:23:10.577", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-18T14:15:12.197", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/PCRE2Project/pcre2/issues/141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/PCRE2Project/pcre2/issues/141", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-01 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98315 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783 | Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201710-09 | Third Party Advisory | |
| cve@mitre.org | https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup | ||
| cve@mitre.org | https://vcs.pcre.org/pcre2?view=revision&revision=674 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98315 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-09 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://vcs.pcre.org/pcre2?view=revision&revision=674 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*", matchCriteriaId: "66F1DE98-34B3-4DFB-BFE5-5581C3B2B12F", versionEndExcluding: "10.30", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a \"pattern with very many captures.\"", }, { lang: "es", value: "PCRE2 en versiones anteriores a la 10.30 tiene una escritura fuera de límites provocada por un desbordamiento de búfer basado en pila en pcre2_match.c. Esto está relacionado con un \"pattern with very many captures\".", }, ], id: "CVE-2017-8399", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-01T18:59:00.403", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98315", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201710-09", }, { source: "cve@mitre.org", url: "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=674", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201710-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=674", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-03-17 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre | 8.00 | |
| pcre | pcre | 8.01 | |
| pcre | pcre | 8.02 | |
| pcre | pcre | 8.10 | |
| pcre | pcre | 8.11 | |
| pcre | pcre | 8.12 | |
| pcre | pcre | 8.13 | |
| pcre | pcre | 8.20 | |
| pcre | pcre | 8.21 | |
| pcre | pcre | 8.30 | |
| pcre | pcre | 8.31 | |
| pcre | pcre | 8.32 | |
| pcre | pcre | 8.33 | |
| pcre | pcre | 8.34 | |
| pcre | pcre | 8.35 | |
| pcre | pcre | 8.36 | |
| pcre | pcre | 8.37 | |
| pcre | pcre | 8.38 | |
| pcre | pcre2 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre:8.00:*:*:*:*:*:*:*", matchCriteriaId: "BE157F38-24DB-4B12-9964-F514A303C294", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.01:*:*:*:*:*:*:*", matchCriteriaId: "D4F80172-754F-4FB1-9E84-F8EC1A6B0EEF", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.02:*:*:*:*:*:*:*", matchCriteriaId: "C109C2A1-BF9D-48CB-A027-82F3F3FA261B", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.10:*:*:*:*:*:*:*", matchCriteriaId: "B8A8DB81-0B55-4E50-A149-C1E82BDAD0C3", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.11:*:*:*:*:*:*:*", matchCriteriaId: "B2D96300-9CEF-4F64-A76F-11B1AB312579", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.12:*:*:*:*:*:*:*", matchCriteriaId: "61D64759-714E-47D8-B578-CCE4B59086EE", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.13:*:*:*:*:*:*:*", matchCriteriaId: "ACC08805-B9FC-4D8B-B486-813E4398DBBD", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.20:*:*:*:*:*:*:*", matchCriteriaId: "EFD12533-1D1E-4931-B687-CBC0A17DBF3F", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.21:*:*:*:*:*:*:*", matchCriteriaId: "6B2768BD-07FF-4C8C-8370-E84AE8D0707A", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.30:*:*:*:*:*:*:*", matchCriteriaId: "B5C9BE45-3F45-4F46-9C15-86AA2CD3F2E7", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.31:*:*:*:*:*:*:*", matchCriteriaId: "FC0CD596-3719-425E-9327-8DEE38AB138B", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.32:*:*:*:*:*:*:*", matchCriteriaId: "4CE5EE9A-0FA0-4851-8AF3-D884B88B2E52", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.33:*:*:*:*:*:*:*", matchCriteriaId: "5A61CB8C-6504-4602-91A5-C1595C12F6AB", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*", matchCriteriaId: "F6876A94-2609-41CE-975E-F1ADAE1BD782", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*", matchCriteriaId: "9DA3CC4F-1797-46D8-8C3D-0605E71C5EAE", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*", matchCriteriaId: "909CD13B-E836-4EBF-9433-55B4EFFE2DC4", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*", matchCriteriaId: "EF43E164-05C2-42A8-82CA-D1B643875C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.38:*:*:*:*:*:*:*", matchCriteriaId: "9DD39B35-C14D-4044-A050-660FE4EE6AC2", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*", matchCriteriaId: "4B739148-6299-4DD1-BDE5-608BDF01A44F", versionEndIncluding: "10.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", }, { lang: "es", value: "La función compile_branch en pcre_compile.c en PCRE 8.x en versiones anteriores a 8.39 y pcre2_compile.c en PCRE2 en versiones anteriores a 10.22 no maneja correctamente patrones que contienen una subcadena (*ACCEPT) en conjunción con paréntesis anidados, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de buffer basado en pila) a través de una expresión regular manipuada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror, también conocido como ZDI-CAN-3542.", }, ], id: "CVE-2016-3191", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-03-17T23:59:01.447", references: [ { source: "security@debian.org", url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { source: "security@debian.org", url: "http://vcs.pcre.org/pcre2?view=revision&revision=489", }, { source: "security@debian.org", url: "http://vcs.pcre.org/pcre?view=revision&revision=1631", }, { source: "security@debian.org", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { source: "security@debian.org", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "security@debian.org", url: "http://www.securityfocus.com/bid/84810", }, { source: "security@debian.org", url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { source: "security@debian.org", url: "https://bto.bluecoat.com/security-advisory/sa128", }, { source: "security@debian.org", url: "https://bugs.debian.org/815920", }, { source: "security@debian.org", url: "https://bugs.debian.org/815921", }, { source: "security@debian.org", tags: [ "Exploit", ], url: "https://bugs.exim.org/show_bug.cgi?id=1791", }, { source: "security@debian.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", }, { source: "security@debian.org", url: "https://www.tenable.com/security/tns-2016-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://vcs.pcre.org/pcre2?view=revision&revision=489", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://vcs.pcre.org/pcre?view=revision&revision=1631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bto.bluecoat.com/security-advisory/sa128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.debian.org/815920", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.debian.org/815921", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bugs.exim.org/show_bug.cgi?id=1791", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.tenable.com/security/tns-2016-18", }, ], sourceIdentifier: "security@debian.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-13 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre2:10.10:*:*:*:*:*:*:*", matchCriteriaId: "E64C5505-F782-443F-944C-AC17B8468406", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre:7.8:*:*:*:*:*:*:*", matchCriteriaId: "880F4520-1DD8-4423-B0E0-B3783F971167", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.32:*:*:*:*:*:*:*", matchCriteriaId: "4CE5EE9A-0FA0-4851-8AF3-D884B88B2E52", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.33:*:*:*:*:*:*:*", matchCriteriaId: "5A61CB8C-6504-4602-91A5-C1595C12F6AB", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*", matchCriteriaId: "F6876A94-2609-41CE-975E-F1ADAE1BD782", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*", matchCriteriaId: "9DA3CC4F-1797-46D8-8C3D-0605E71C5EAE", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*", matchCriteriaId: "909CD13B-E836-4EBF-9433-55B4EFFE2DC4", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*", matchCriteriaId: "EF43E164-05C2-42A8-82CA-D1B643875C2B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*", matchCriteriaId: "161594FF-0DF8-43C8-B532-EBB20228023D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*", matchCriteriaId: "A0744845-0230-47E7-866A-0880832B31C8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", }, { lang: "es", value: "PCRE 7.8 y 8.32 hasta la versión 8.37 y PCRE2 10.10 no maneja adecuadamente las partidas de grupo vacías, lo que podrían permitir a atacantes remotos provocar una denegación de servicio (desbordamientos de búfer basado en pila) a través de una expresión regular manipulada, según lo demostrado por /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", }, ], id: "CVE-2015-3217", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-13T16:59:02.220", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://vcs.pcre.org/pcre?view=revision&revision=1566", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2015/06/03/7", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/75018", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.exim.org/show_bug.cgi?id=1638", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://vcs.pcre.org/pcre?view=revision&revision=1566", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2015/06/03/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/75018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.exim.org/show_bug.cgi?id=1638", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-05 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre2:10.23:*:*:*:*:*:*:*", matchCriteriaId: "B80479DA-16D6-47A1-88AF-55B5C821BDEC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.", }, { lang: "es", value: "Pcre2test.c en PCRE2 10.23 permite a atacantes remotos causar una denegación de servicio (desbordamiento de búfer basado en heap) o posiblemente otro impacto no especificado a través de una expresión regular manipulada.", }, ], id: "CVE-2017-8786", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-05T00:29:00.213", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugs.exim.org/show_bug.cgi?id=2079", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201710-09", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=696", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=697", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugs.exim.org/show_bug.cgi?id=2079", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201710-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=696", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://vcs.pcre.org/pcre2?view=revision&revision=697", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-13 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre2:10.10:*:*:*:*:*:*:*", matchCriteriaId: "E64C5505-F782-443F-944C-AC17B8468406", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*", matchCriteriaId: "F6876A94-2609-41CE-975E-F1ADAE1BD782", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*", matchCriteriaId: "9DA3CC4F-1797-46D8-8C3D-0605E71C5EAE", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*", matchCriteriaId: "909CD13B-E836-4EBF-9433-55B4EFFE2DC4", vulnerable: true, }, { criteria: "cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*", matchCriteriaId: "EF43E164-05C2-42A8-82CA-D1B643875C2B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.", }, { lang: "es", value: "Desbordamiento de búfer basado en memoria dinámica en PCRE 8.34 hasta la versión 8.37 y PCRE2 10.10 permite a atacantes remotos ejecutar código arbitrario a través de una expresión regular manipulada, según lo demostrado por /^(?P=B)((?P=B)(?J:(?P\n<b>c)(?P<b>a(?P=B)))>WGXCREDITS)/, una vulnerabilidad diferente a CVE-2015-8384.</b></b>", }, ], id: "CVE-2015-3210", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-13T16:59:00.187", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2015/06/01/7", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2015/12/02/11", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/74934", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.exim.org/show_bug.cgi?id=1636", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2015/06/01/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2015/12/02/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/74934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.exim.org/show_bug.cgi?id=1636", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }