MidnightBSD

Advisories for pcre

CVE-2005-2491 HIGH

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
pcre pcre 6.1
pcre pcre 6.0
pcre pcre 5.0
CVE-2005-4872 MEDIUM

Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre pcre *
CVE-2006-7227 MEDIUM

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
pcre pcre *
CVE-2006-7228 MEDIUM

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
pcre pcre *
CVE-2014-8964 MEDIUM

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_eus 7.7
opensuse opensuse 13.1
fedoraproject fedora 19
fedoraproject fedora 21
pcre pcre *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 7.0
fedoraproject fedora 20
opensuse opensuse 13.2
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 7.6
oracle solaris 11.2
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.3
mariadb mariadb *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.6
CVE-2014-9769 HIGH

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre pcre 8.35
CVE-2015-2325 MEDIUM

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
php php *
opensuse opensuse 13.1
pcre pcre *
opensuse opensuse 13.2
mariadb mariadb *
CVE-2015-2326 MEDIUM

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
php php *
opensuse opensuse 13.1
pcre pcre *
opensuse opensuse 13.2
mariadb mariadb *
CVE-2015-2327 HIGH

PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre perl_compatible_regular_expression_library *
CVE-2015-2328 HIGH

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
pcre pcre *
oracle linux 7
CVE-2015-3210 HIGH

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
pcre pcre2 10.10
pcre pcre 8.35
pcre pcre 8.34
pcre pcre 8.36
pcre pcre 8.37
CVE-2015-3217 MEDIUM

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre pcre 7.8
pcre pcre2 10.10
pcre pcre 8.35
pcre pcre 8.32
ibm powerkvm 2.1
pcre pcre 8.34
pcre pcre 8.33
pcre pcre 8.36
pcre pcre 8.37
ibm powerkvm 3.1
CVE-2015-5073 MEDIUM

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-200,

Products Affected

Vendor Product Version
pcre pcre *
ibm powerkvm 2.1
ibm powerkvm 3.1
CVE-2015-8380 HIGH

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 22
pcre perl_compatible_regular_expression_library *
CVE-2015-8381 HIGH

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre perl_compatible_regular_expression_library *
CVE-2015-8382 MEDIUM

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre perl_compatible_regular_expression_library 8.36
CVE-2015-8383 HIGH

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
php php *
fedoraproject fedora 22
pcre perl_compatible_regular_expression_library *
CVE-2015-8384 HIGH

PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre perl_compatible_regular_expression_library *
CVE-2015-8385 HIGH

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre perl_compatible_regular_expression_library *
oracle linux 7
CVE-2015-8386 HIGH

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
php php *
fedoraproject fedora 22
pcre perl_compatible_regular_expression_library *
oracle linux 7
CVE-2015-8387 HIGH

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
php php *
fedoraproject fedora 22
pcre perl_compatible_regular_expression_library *
CVE-2015-8388 HIGH

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-185,

Products Affected

Vendor Product Version
pcre perl_compatible_regular_expression_library *
oracle linux 7
CVE-2015-8389 HIGH

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-185,

Products Affected

Vendor Product Version
php php *
fedoraproject fedora 22
pcre perl_compatible_regular_expression_library *
CVE-2015-8390 HIGH

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-908,

Products Affected

Vendor Product Version
php php *
fedoraproject fedora 22
pcre perl_compatible_regular_expression_library *
CVE-2015-8391 HIGH

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.7
php php *
redhat enterprise_linux_eus 7.7
fedoraproject fedora 22
pcre pcre *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
oracle linux 7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.6
CVE-2015-8392 HIGH

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre perl_compatible_regular_expression_library *
CVE-2015-8393 MEDIUM

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
php php *
fedoraproject fedora 22
pcre perl_compatible_regular_expression_library *
CVE-2015-8394 HIGH

PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
php php *
pcre perl_compatible_regular_expression_library *
CVE-2015-8395 HIGH

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre perl_compatible_regular_expression_library *
CVE-2016-1283 HIGH

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
php php *
fedoraproject fedora 22
pcre pcre 8.38
oracle solaris 11.3
fedoraproject fedora 23
CVE-2016-3191 HIGH

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre pcre 8.13
pcre pcre 8.10
pcre pcre 8.32
pcre pcre 8.34
pcre pcre 8.02
pcre pcre 8.33
pcre pcre 8.36
pcre pcre 8.31
pcre pcre 8.21
pcre pcre 8.00
pcre pcre2 *
pcre pcre 8.12
pcre pcre 8.30
pcre pcre 8.01
pcre pcre 8.20
pcre pcre 8.35
pcre pcre 8.38
pcre pcre 8.11
pcre pcre 8.37
CVE-2017-11164 HIGH

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-674,

Products Affected

Vendor Product Version
pcre pcre 8.41
CVE-2017-16231 LOW

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
pcre pcre 8.41
CVE-2017-6004 MEDIUM

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
pcre pcre *
CVE-2017-7186 MEDIUM

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre pcre 8.40
pcre pcre2 10.23
CVE-2017-7244 MEDIUM

The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
pcre pcre 8.40
CVE-2017-7245 MEDIUM

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre pcre 8.40
CVE-2017-7246 MEDIUM

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre pcre 8.40
CVE-2017-8399 HIGH

PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre pcre2 *
CVE-2017-8786 HIGH

pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pcre pcre2 10.23
CVE-2019-20454 MEDIUM

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
pcre pcre2 *
splunk universal_forwarder 9.1.0
splunk universal_forwarder *
fedoraproject fedora 31
CVE-2019-20838 MEDIUM

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
splunk universal_forwarder 9.1.0
pcre pcre *
apple macos *
splunk universal_forwarder *
CVE-2020-14155 MEDIUM

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
netapp cloud_backup -
pcre pcre *
netapp h300s_firmware -
gitlab gitlab *
netapp ontap_select_deploy_administration_utility -
netapp h700s_firmware -
splunk universal_forwarder *
oracle communications_cloud_native_core_policy 1.15.0
netapp h410s_firmware -
netapp h410c_firmware -
splunk universal_forwarder 9.1.0
apple macos *
netapp active_iq_unified_manager -
netapp h500s_firmware -
netapp clustered_data_ontap -
netapp steelstore_cloud_integrated_storage -
CVE-2022-1586 MEDIUM

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
netapp h300s_firmware -
netapp ontap_select_deploy_administration_utility -
netapp hci_management_node -
netapp h700s_firmware -
netapp solidfire -
netapp h410s_firmware -
netapp h410c_firmware -
pcre pcre2 *
pcre pcre2 10.40
debian debian_linux 10.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
netapp active_iq_unified_manager -
netapp h500s_firmware -
fedoraproject fedora 35
fedoraproject fedora 36
CVE-2022-1587 MEDIUM

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
netapp h300s_firmware -
netapp ontap_select_deploy_administration_utility -
netapp hci_management_node -
netapp h700s_firmware -
netapp solidfire -
netapp h410s_firmware -
netapp h410c_firmware -
pcre pcre2 *
redhat enterprise_linux 9.0
netapp active_iq_unified_manager -
netapp h500s_firmware -
fedoraproject fedora 35
fedoraproject fedora 36
CVE-2022-41409

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

Products Affected

Vendor Product Version
pcre pcre2 *
CVE-2025-58050

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
pcre pcre2 10.45