PCRE Perl-Compatible Regular Expression Library 8.37

CPE Details

PCRE Perl-Compatible Regular Expression Library 8.37
8.37
2016-01-19
15h05 +00:00
2016-01-19
15h05 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:pcre:perl_compatible_regular_expression_library:8.37:*:*:*:*:*:*:*

Informations

Vendor

pcre

Product

perl_compatible_regular_expression_library

Version

8.37

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2015-8380 2015-12-02 00h00 +00:00 The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
7.5
CVE-2015-8381 2015-12-02 00h00 +00:00 The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
7.5
CVE-2015-8384 2015-12-02 00h00 +00:00 PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
7.5
CVE-2015-8385 2015-12-02 00h00 +00:00 PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
7.5
CVE-2015-8388 2015-12-02 00h00 +00:00 PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
7.5
CVE-2015-8392 2015-12-02 00h00 +00:00 PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
7.5
CVE-2015-8395 2015-12-02 00h00 +00:00 PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
7.5
CVE-2015-8383 2015-12-01 23h00 +00:00 PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
9.8
Critical
CVE-2015-8386 2015-12-01 23h00 +00:00 PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
9.8
Critical
CVE-2015-8387 2015-12-01 23h00 +00:00 PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
7.3
High
CVE-2015-8389 2015-12-01 23h00 +00:00 PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
9.8
Critical
CVE-2015-8390 2015-12-01 23h00 +00:00 PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
9.8
Critical
CVE-2015-8393 2015-12-01 23h00 +00:00 pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
7.5
High
CVE-2015-8394 2015-12-01 23h00 +00:00 PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
9.8
Critical