Vulnerabilities > Pcre
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-16 | CVE-2014-8964 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. | 5.0 |
2008-07-07 | CVE-2008-2371 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. | 7.5 |
2008-02-18 | CVE-2008-0674 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. | 7.5 |
2007-11-15 | CVE-2006-7230 | Numeric Errors vulnerability in Pcre Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. | 4.3 |
2007-11-07 | CVE-2007-4768 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | 6.8 |
2007-11-07 | CVE-2007-4767 | Multiple Security vulnerability in PCRE Regular Expression Library Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. | 5.0 |
2007-11-07 | CVE-2007-4766 | Numeric Errors vulnerability in Pcre Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. | 7.5 |
2007-11-07 | CVE-2007-1662 | Multiple Security vulnerability in PCRE Regular Expression Library Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | 5.0 |
2007-11-07 | CVE-2007-1661 | Multiple Security vulnerability in PCRE Regular Expression Library Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. | 6.4 |
2007-11-07 | CVE-2007-1660 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. | 6.8 |