Skip to main content

Perl Compatible Regular Expression Library

16 CVEs product

Monthly

CVE-2015-8395 HIGH This Week

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-8394 CRITICAL Act Now

PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Perl Compatible Regular Expression Library PHP
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2015-8393 HIGH This Week

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Perl Compatible Regular Expression Library Fedora PHP
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2015-8392 HIGH This Week

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
CVSS 2.0
7.5
EPSS
4.4%
CVE-2015-8390 CRITICAL Act Now

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Perl Compatible Regular Expression Library Fedora PHP
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2015-8389 CRITICAL Act Now

{100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library Fedora PHP
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2015-8388 HIGH This Week

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux Perl Compatible Regular Expression Library
NVD
CVSS 2.0
7.5
EPSS
4.2%
CVE-2015-8387 HIGH This Week

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Perl Compatible Regular Expression Library Fedora PHP
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2015-8386 CRITICAL Act Now

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library Fedora Linux +1
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2015-8385 HIGH This Week

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux Perl Compatible Regular Expression Library
NVD
CVSS 2.0
7.5
EPSS
5.1%
CVE-2015-8384 HIGH This Week

{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2015-8383 CRITICAL Act Now

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library Fedora PHP
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2015-8382 MEDIUM POC This Month

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
CVSS 2.0
6.4
EPSS
1.8%
CVE-2015-8381 HIGH POC This Week

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
CVSS 2.0
7.5
EPSS
5.8%
CVE-2015-8380 HIGH POC This Week

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library Fedora
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2015-2327 HIGH POC This Week

PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
CVSS 2.0
7.5
EPSS
2.8%
EPSS 2% CVSS 7.5
HIGH This Week

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Perl Compatible Regular Expression Library +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Perl Compatible Regular Expression Library Fedora +1
NVD
EPSS 4% CVSS 7.5
HIGH This Week

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Perl Compatible Regular Expression Library Fedora +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

{100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library +2
NVD
EPSS 4% CVSS 7.5
HIGH This Week

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux +1
NVD
EPSS 1% CVSS 7.3
HIGH This Week

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Perl Compatible Regular Expression Library +2
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library +3
NVD
EPSS 5% CVSS 7.5
HIGH This Week

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library +2
NVD
EPSS 2% CVSS 6.4
MEDIUM POC This Month

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library +1
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Perl Compatible Regular Expression Library
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy