Vulnerabilities > Pcre > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-16 | CVE-2014-8964 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. | 5.0 |
| 2007-11-15 | CVE-2006-7230 | Numeric Errors vulnerability in Pcre Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. | 4.3 |
| 2007-11-07 | CVE-2007-4768 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | 6.8 |
| 2007-11-07 | CVE-2007-4767 | Multiple Security vulnerability in PCRE Regular Expression Library Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. | 5.0 |
| 2007-11-07 | CVE-2007-1662 | Multiple Security vulnerability in PCRE Regular Expression Library Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | 5.0 |
| 2007-11-07 | CVE-2007-1661 | Multiple Security vulnerability in PCRE Regular Expression Library Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. | 6.4 |
| 2007-11-07 | CVE-2007-1660 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. | 6.8 |
| 2007-11-07 | CVE-2007-1659 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes. | 6.8 |