PCRE 8.41

CPE Details

PCRE 8.41
pcre
pcre
8.41
2017-07-17
15h43 +00:00
2017-07-17
15h43 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:pcre:pcre:8.41:*:*:*:*:*:*:*

Informations

Vendor

pcre

Product

pcre

Version

8.41

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-20838 2020-06-15 14h50 +00:00 libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
7.5
High
CVE-2020-14155 2020-06-14 22h00 +00:00 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
5.3
Medium
CVE-2017-16231 2019-03-17 15h24 +00:00 In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used
5.5
Medium
CVE-2017-11164 2017-07-10 22h00 +00:00 In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.