Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Pcre Subscribe
Filtered by product Pcre
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8391 5 Fedoraproject, Oracle, Pcre and 2 more 10 Fedora, Linux, Pcre and 7 more 2023-02-16 9.0 HIGH 9.8 CRITICAL
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2011-1951 2 Oneidentity, Pcre 2 Syslog-ng, Pcre 2023-02-12 4.3 MEDIUM N/A
lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.
CVE-2006-7228 1 Pcre 1 Pcre 2023-02-12 6.8 MEDIUM N/A
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
CVE-2006-7227 1 Pcre 1 Pcre 2023-02-12 6.8 MEDIUM N/A
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
CVE-2005-4872 1 Pcre 1 Pcre 2023-02-12 4.3 MEDIUM N/A
Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
CVE-2005-2491 1 Pcre 1 Pcre 2023-02-12 7.5 HIGH N/A
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
CVE-2015-2326 4 Mariadb, Opensuse, Pcre and 1 more 4 Mariadb, Opensuse, Pcre and 1 more 2023-01-19 4.3 MEDIUM 5.5 MEDIUM
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
CVE-2020-14155 5 Apple, Gitlab, Netapp and 2 more 19 Macos, Gitlab, Active Iq Unified Manager and 16 more 2022-12-02 5.0 MEDIUM 5.3 MEDIUM
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2015-2325 4 Mariadb, Opensuse, Pcre and 1 more 4 Mariadb, Opensuse, Pcre and 1 more 2022-08-05 6.8 MEDIUM 7.8 HIGH
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
CVE-2014-8964 6 Fedoraproject, Mariadb, Opensuse and 3 more 11 Fedora, Mariadb, Opensuse and 8 more 2022-08-04 5.0 MEDIUM N/A
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
CVE-2008-2371 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2022-08-01 7.5 HIGH N/A
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
CVE-2016-1283 4 Fedoraproject, Oracle, Pcre and 1 more 4 Fedora, Solaris, Pcre and 1 more 2022-07-20 7.5 HIGH 9.8 CRITICAL
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2019-20838 2 Apple, Pcre 2 Macos, Pcre 2021-09-22 4.3 MEDIUM 7.5 HIGH
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
CVE-2017-6004 1 Pcre 1 Pcre 2021-06-29 5.0 MEDIUM 7.5 HIGH
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
CVE-2017-11164 1 Pcre 1 Pcre 2021-02-25 7.8 HIGH 7.5 HIGH
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
CVE-2015-2328 2 Oracle, Pcre 2 Linux, Pcre 2019-12-27 7.5 HIGH N/A
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2017-16231 1 Pcre 1 Pcre 2019-04-02 2.1 LOW 5.5 MEDIUM
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.
CVE-2007-1659 1 Pcre 1 Pcre 2018-10-16 6.8 MEDIUM N/A
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
CVE-2007-1662 1 Pcre 1 Pcre 2018-10-16 5.0 MEDIUM N/A
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
CVE-2007-1660 1 Pcre 1 Pcre 2018-10-16 6.8 MEDIUM N/A
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.