Vulnerabilities > Pcre > Perl Compatible Regular Expression Library > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-12-02 CVE-2015-8383 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-119
critical
9.8
2015-12-02 CVE-2015-8386 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject oracle php CWE-119
critical
9.8
2015-12-02 CVE-2015-8389 Incorrect Regular Expression vulnerability in multiple products
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-185
critical
9.8
2015-12-02 CVE-2015-8390 Use of Uninitialized Resource vulnerability in multiple products
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-908
critical
9.8
2015-12-02 CVE-2015-8394 Integer Overflow or Wraparound vulnerability in multiple products
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre php CWE-190
critical
9.8