PCRE 8.37

CPE Details

PCRE 8.37
pcre
pcre
8.37
2016-03-21
17h10 +00:00
2016-03-21
17h10 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*

Informations

Vendor

pcre

Product

pcre

Version

8.37

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-20838 2020-06-15 14h50 +00:00 libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
7.5
High
CVE-2020-14155 2020-06-14 22h00 +00:00 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
5.3
Medium
CVE-2017-6004 2017-02-16 10h00 +00:00 The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
7.5
High
CVE-2015-3210 2016-12-13 15h00 +00:00 Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?Pc)(?Pa(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
9.8
Critical
CVE-2015-3217 2016-12-13 15h00 +00:00 PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
7.5
High
CVE-2015-5073 2016-12-13 15h00 +00:00 Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
9.1
Critical
CVE-2016-3191 2016-03-17 22h00 +00:00 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
9.8
Critical
CVE-2015-8391 2015-12-01 23h00 +00:00 The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
9.8
Critical