Vulnerabilities > Pcre

DATE CVE VULNERABILITY TITLE RISK
2014-12-16 CVE-2014-8964 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
5.0
2008-07-07 CVE-2008-2371 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
7.5
2008-02-18 CVE-2008-0674 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
network
low complexity
pcre CWE-119
7.5
2007-11-15 CVE-2006-7230 Numeric Errors vulnerability in Pcre
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
network
pcre CWE-189
4.3
2007-11-07 CVE-2007-4768 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
network
pcre CWE-119
6.8
2007-11-07 CVE-2007-4767 Multiple Security vulnerability in PCRE Regular Expression Library
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
network
low complexity
pcre
5.0
2007-11-07 CVE-2007-4766 Numeric Errors vulnerability in Pcre
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
network
low complexity
pcre CWE-189
7.5
2007-11-07 CVE-2007-1662 Multiple Security vulnerability in PCRE Regular Expression Library
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
network
low complexity
pcre
5.0
2007-11-07 CVE-2007-1661 Multiple Security vulnerability in PCRE Regular Expression Library
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
network
low complexity
pcre apple
6.4
2007-11-07 CVE-2007-1660 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
network
pcre CWE-119
6.8