Vulnerabilities > Pcre > Pcre > 2.08

DATE CVE VULNERABILITY TITLE RISK
2020-06-15 CVE-2020-14155 Integer Overflow or Wraparound vulnerability in multiple products
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
network
low complexity
pcre apple gitlab oracle netapp splunk CWE-190
5.3
2020-06-15 CVE-2019-20838 Out-of-bounds Read vulnerability in multiple products
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
network
low complexity
pcre apple splunk CWE-125
7.5
2020-01-14 CVE-2015-2326 Out-of-bounds Read vulnerability in multiple products
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
local
low complexity
pcre opensuse mariadb php CWE-125
5.5
2020-01-14 CVE-2015-2325 Out-of-bounds Write vulnerability in multiple products
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
6.8
2017-02-16 CVE-2017-6004 Out-of-bounds Read vulnerability in Pcre
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
network
low complexity
pcre CWE-125
7.5
2016-12-13 CVE-2015-5073 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
network
low complexity
ibm pcre CWE-119
6.4
2015-12-02 CVE-2015-8391 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre oracle fedoraproject redhat php CWE-119
critical
9.8
2015-12-02 CVE-2015-2328 Data Processing Errors vulnerability in multiple products
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
oracle pcre CWE-19
7.5
2014-12-16 CVE-2014-8964 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
5.0
2008-02-18 CVE-2008-0674 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
network
low complexity
pcre CWE-119
7.5