Vulnerabilities > Pcre > Perl Compatible Regular Expression Library
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-12-02 | CVE-2015-8394 | Integer Overflow or Wraparound vulnerability in multiple products PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | 9.8 |
2015-12-02 | CVE-2015-8393 | Information Exposure vulnerability in multiple products pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. | 7.5 |
2015-12-02 | CVE-2015-8390 | Use of Uninitialized Resource vulnerability in multiple products PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | 9.8 |
2015-12-02 | CVE-2015-8389 | Incorrect Regular Expression vulnerability in multiple products PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | 9.8 |
2015-12-02 | CVE-2015-8387 | Integer Overflow or Wraparound vulnerability in multiple products PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | 7.3 |
2015-12-02 | CVE-2015-8386 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | 9.8 |
2015-12-02 | CVE-2015-8383 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | 9.8 |