Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for pcre2 by pcre

    CVE-2025-58050 (GCVE-0-2025-58050)

    Vulnerability from nvd – Published: 2025-08-27 18:47 – Updated: 2025-08-27 19:14
    VLAI
    Title
    PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS
    Summary
    The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PCRE2Project pcre2 Affected: = 10.45
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58050",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-27T19:14:21.101932Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T19:14:38.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pcre2",
              "vendor": "PCRE2Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 10.45"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T18:47:35.041Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2"
            },
            {
              "name": "https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254"
            },
            {
              "name": "https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46"
            }
          ],
          "source": {
            "advisory": "GHSA-c2gv-xgf5-5cc2",
            "discovery": "UNKNOWN"
          },
          "title": "PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-58050",
        "datePublished": "2025-08-27T18:47:35.041Z",
        "dateReserved": "2025-08-22T14:30:32.221Z",
        "dateUpdated": "2025-08-27T19:14:38.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41409 (GCVE-0-2022-41409)

    Vulnerability from nvd – Published: 2023-07-18 00:00 – Updated: 2024-10-28 18:22
    VLAI
    Summary
    Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:42:46.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/issues/141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41409",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T18:22:33.915896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T18:22:42.917Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/PCRE2Project/pcre2/issues/141"
            },
            {
              "url": "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-41409",
        "datePublished": "2023-07-18T00:00:00.000Z",
        "dateReserved": "2022-09-26T00:00:00.000Z",
        "dateUpdated": "2024-10-28T18:22:42.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1587 (GCVE-0-2022-1587)

    Vulnerability from nvd – Published: 2022-05-16 00:00 – Updated: 2024-08-03 00:10
    VLAI
    Summary
    An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a pcre2 Affected: Fixed in pcre2-10.40.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2022-e56085ba31",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0"
              },
              {
                "name": "FEDORA-2022-a3edad0ab6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/"
              },
              {
                "name": "FEDORA-2022-19f4c34184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/"
              },
              {
                "name": "FEDORA-2022-9c9691d058",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221028-0009/"
              },
              {
                "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pcre2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in pcre2-10.40."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 - Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-16T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2022-e56085ba31",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C"
            },
            {
              "url": "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0"
            },
            {
              "name": "FEDORA-2022-a3edad0ab6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/"
            },
            {
              "name": "FEDORA-2022-19f4c34184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/"
            },
            {
              "name": "FEDORA-2022-9c9691d058",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221028-0009/"
            },
            {
              "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-1587",
        "datePublished": "2022-05-16T00:00:00.000Z",
        "dateReserved": "2022-05-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:10:03.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1586 (GCVE-0-2022-1586)

    Vulnerability from nvd – Published: 2022-05-16 00:00 – Updated: 2025-03-06 08:18
    VLAI
    Summary
    An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a pcre2 Affected: Fixed in pcre2-10.40.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-03-06T08:18:54.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976"
              },
              {
                "url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a"
              },
              {
                "name": "FEDORA-2022-e56085ba31",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c"
              },
              {
                "name": "FEDORA-2022-a3edad0ab6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/"
              },
              {
                "name": "FEDORA-2022-19f4c34184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/"
              },
              {
                "name": "FEDORA-2022-9c9691d058",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221028-0009/"
              },
              {
                "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pcre2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in pcre2-10.40."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 - Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-16T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2022-e56085ba31",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C"
            },
            {
              "url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C"
            },
            {
              "url": "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c"
            },
            {
              "name": "FEDORA-2022-a3edad0ab6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/"
            },
            {
              "name": "FEDORA-2022-19f4c34184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/"
            },
            {
              "name": "FEDORA-2022-9c9691d058",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221028-0009/"
            },
            {
              "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-1586",
        "datePublished": "2022-05-16T00:00:00.000Z",
        "dateReserved": "2022-05-05T00:00:00.000Z",
        "dateUpdated": "2025-03-06T08:18:54.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-20454 (GCVE-0-2019-20454)

    Vulnerability from nvd – Published: 2020-02-14 00:00 – Updated: 2024-08-05 02:39
    VLAI
    Summary
    An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:39:09.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=2421"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78338"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=1092"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735494"
              },
              {
                "name": "GLSA-202006-16",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202006-16"
              },
              {
                "name": "FEDORA-2020-b11cf352bd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"
              },
              {
                "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AC:H/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-16T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://bugs.exim.org/show_bug.cgi?id=2421"
            },
            {
              "url": "https://bugs.php.net/bug.php?id=78338"
            },
            {
              "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=1092"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735494"
            },
            {
              "name": "GLSA-202006-16",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202006-16"
            },
            {
              "name": "FEDORA-2020-b11cf352bd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"
            },
            {
              "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-20454",
        "datePublished": "2020-02-14T00:00:00.000Z",
        "dateReserved": "2020-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:39:09.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8786 (GCVE-0-2017-8786)

    Vulnerability from nvd – Published: 2017-05-05 00:00 – Updated: 2024-08-05 16:48
    VLAI
    Summary
    pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-05-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:48:22.018Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201710-09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-09"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=697"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=696"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=2079"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-09T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-201710-09",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-09"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=697"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=696"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=2079"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-8786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201710-09",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-09"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=697",
                  "refsource": "MISC",
                  "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=697"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=696",
                  "refsource": "MISC",
                  "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=696"
                },
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=2079",
                  "refsource": "MISC",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=2079"
                },
                {
                  "name": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/",
                  "refsource": "MISC",
                  "url": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-8786",
        "datePublished": "2017-05-05T00:00:00.000Z",
        "dateReserved": "2017-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:48:22.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8399 (GCVE-0-2017-8399)

    Vulnerability from nvd – Published: 2017-05-01 18:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-05-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:23.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201710-09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-09"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854\u0026view=markup"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=674"
              },
              {
                "name": "98315",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98315"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a \"pattern with very many captures.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-28T16:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-201710-09",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-09"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854\u0026view=markup"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=674"
            },
            {
              "name": "98315",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-8399",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a \"pattern with very many captures.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201710-09",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-09"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854\u0026view=markup",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854\u0026view=markup"
                },
                {
                  "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=674",
                  "refsource": "MISC",
                  "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=674"
                },
                {
                  "name": "98315",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-8399",
        "datePublished": "2017-05-01T18:00:00.000Z",
        "dateReserved": "2017-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:23.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7186 (GCVE-0-2017-7186)

    Vulnerability from nvd – Published: 2017-03-20 00:00 – Updated: 2024-08-05 15:56
    VLAI
    Summary
    libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:56:36.034Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=2052"
              },
              {
                "name": "GLSA-201710-09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-09"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
              },
              {
                "name": "97030",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97030"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
              },
              {
                "name": "RHSA-2018:2486",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2486"
              },
              {
                "name": "GLSA-201710-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-17T09:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=2052"
            },
            {
              "name": "GLSA-201710-09",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-09"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
            },
            {
              "name": "97030",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97030"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
            },
            {
              "name": "RHSA-2018:2486",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2486"
            },
            {
              "name": "GLSA-201710-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-25"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-7186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=2052",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=2052"
                },
                {
                  "name": "GLSA-201710-09",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-09"
                },
                {
                  "name": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
                },
                {
                  "name": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
                },
                {
                  "name": "97030",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97030"
                },
                {
                  "name": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/",
                  "refsource": "MISC",
                  "url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
                },
                {
                  "name": "RHSA-2018:2486",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2486"
                },
                {
                  "name": "GLSA-201710-25",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-25"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-7186",
        "datePublished": "2017-03-20T00:00:00.000Z",
        "dateReserved": "2017-03-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:56:36.034Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3217 (GCVE-0-2015-3217)

    Vulnerability from nvd – Published: 2016-12-13 16:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-06-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:31.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:1132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1132"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=1638"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
              },
              {
                "name": "RHSA-2016:1025",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
              },
              {
                "name": "RHSA-2016:2750",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
              },
              {
                "name": "75018",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75018"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-06-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-17T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:1132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1132"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=1638"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
            },
            {
              "name": "RHSA-2016:1025",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
            },
            {
              "name": "RHSA-2016:2750",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
            },
            {
              "name": "75018",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75018"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-3217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2016:1132",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1132"
                },
                {
                  "name": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566",
                  "refsource": "CONFIRM",
                  "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
                },
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=1638",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=1638"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
                },
                {
                  "name": "RHSA-2016:1025",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
                },
                {
                  "name": "RHSA-2016:2750",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
                },
                {
                  "name": "75018",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75018"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3217",
        "datePublished": "2016-12-13T16:00:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:31.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3210 (GCVE-0-2015-3210)

    Vulnerability from nvd – Published: 2016-12-13 16:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2016:1132 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/74934 vdb-entryx_refsource_BID
    http://rhn.redhat.com/errata/RHSA-2016-2750.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2015/06/01/7 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2015/1… mailing-listx_refsource_MLIST
    https://bugs.exim.org/show_bug.cgi?id=1636 x_refsource_CONFIRM
    Date Public
    2015-05-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:31.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:1132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1132"
              },
              {
                "name": "74934",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74934"
              },
              {
                "name": "RHSA-2016:2750",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
              },
              {
                "name": "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
              },
              {
                "name": "[oss-security] 20151202 Re: Heap Overflow in PCRE",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=1636"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-05-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P\u003cB\u003ec)(?P\u003cB\u003ea(?P=B)))\u003eWGXCREDITS)/, a different vulnerability than CVE-2015-8384."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:1132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1132"
            },
            {
              "name": "74934",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74934"
            },
            {
              "name": "RHSA-2016:2750",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
            },
            {
              "name": "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
            },
            {
              "name": "[oss-security] 20151202 Re: Heap Overflow in PCRE",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=1636"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-3210",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P\u003cB\u003ec)(?P\u003cB\u003ea(?P=B)))\u003eWGXCREDITS)/, a different vulnerability than CVE-2015-8384."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2016:1132",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1132"
                },
                {
                  "name": "74934",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74934"
                },
                {
                  "name": "RHSA-2016:2750",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
                },
                {
                  "name": "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
                },
                {
                  "name": "[oss-security] 20151202 Re: Heap Overflow in PCRE",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
                },
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=1636",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=1636"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3210",
        "datePublished": "2016-12-13T16:00:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:31.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3191 (GCVE-0-2016-3191)

    Vulnerability from nvd – Published: 2016-03-17 23:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-02-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:58.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "84810",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84810"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
              },
              {
                "name": "RHSA-2016:1132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1132"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
              },
              {
                "name": "RHSA-2016:1025",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/815921"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/815920"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=1791"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa128"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "84810",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84810"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
            },
            {
              "name": "RHSA-2016:1132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1132"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
            },
            {
              "name": "RHSA-2016:1025",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/815921"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/815920"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=1791"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa128"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2016-3191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "84810",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84810"
                },
                {
                  "name": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489",
                  "refsource": "CONFIRM",
                  "url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
                },
                {
                  "name": "RHSA-2016:1132",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1132"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
                },
                {
                  "name": "RHSA-2016:1025",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
                },
                {
                  "name": "https://bugs.debian.org/815921",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/815921"
                },
                {
                  "name": "https://bugs.debian.org/815920",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/815920"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
                },
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=1791",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=1791"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2016-18",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2016-18"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa128",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa128"
                },
                {
                  "name": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631",
                  "refsource": "CONFIRM",
                  "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2016-3191",
        "datePublished": "2016-03-17T23:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:58.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-58050 (GCVE-0-2025-58050)

    Vulnerability from cvelistv5 – Published: 2025-08-27 18:47 – Updated: 2025-08-27 19:14
    VLAI
    Title
    PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS
    Summary
    The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    PCRE2Project pcre2 Affected: = 10.45
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58050",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-27T19:14:21.101932Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T19:14:38.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pcre2",
              "vendor": "PCRE2Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 10.45"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T18:47:35.041Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2"
            },
            {
              "name": "https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254"
            },
            {
              "name": "https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46"
            }
          ],
          "source": {
            "advisory": "GHSA-c2gv-xgf5-5cc2",
            "discovery": "UNKNOWN"
          },
          "title": "PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-58050",
        "datePublished": "2025-08-27T18:47:35.041Z",
        "dateReserved": "2025-08-22T14:30:32.221Z",
        "dateUpdated": "2025-08-27T19:14:38.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41409 (GCVE-0-2022-41409)

    Vulnerability from cvelistv5 – Published: 2023-07-18 00:00 – Updated: 2024-10-28 18:22
    VLAI
    Summary
    Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:42:46.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/issues/141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41409",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T18:22:33.915896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T18:22:42.917Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/PCRE2Project/pcre2/issues/141"
            },
            {
              "url": "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-41409",
        "datePublished": "2023-07-18T00:00:00.000Z",
        "dateReserved": "2022-09-26T00:00:00.000Z",
        "dateUpdated": "2024-10-28T18:22:42.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1587 (GCVE-0-2022-1587)

    Vulnerability from cvelistv5 – Published: 2022-05-16 00:00 – Updated: 2024-08-03 00:10
    VLAI
    Summary
    An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a pcre2 Affected: Fixed in pcre2-10.40.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2022-e56085ba31",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0"
              },
              {
                "name": "FEDORA-2022-a3edad0ab6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/"
              },
              {
                "name": "FEDORA-2022-19f4c34184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/"
              },
              {
                "name": "FEDORA-2022-9c9691d058",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221028-0009/"
              },
              {
                "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pcre2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in pcre2-10.40."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 - Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-16T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2022-e56085ba31",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C"
            },
            {
              "url": "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0"
            },
            {
              "name": "FEDORA-2022-a3edad0ab6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/"
            },
            {
              "name": "FEDORA-2022-19f4c34184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/"
            },
            {
              "name": "FEDORA-2022-9c9691d058",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221028-0009/"
            },
            {
              "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-1587",
        "datePublished": "2022-05-16T00:00:00.000Z",
        "dateReserved": "2022-05-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:10:03.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1586 (GCVE-0-2022-1586)

    Vulnerability from cvelistv5 – Published: 2022-05-16 00:00 – Updated: 2025-03-06 08:18
    VLAI
    Summary
    An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a pcre2 Affected: Fixed in pcre2-10.40.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-03-06T08:18:54.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976"
              },
              {
                "url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a"
              },
              {
                "name": "FEDORA-2022-e56085ba31",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c"
              },
              {
                "name": "FEDORA-2022-a3edad0ab6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/"
              },
              {
                "name": "FEDORA-2022-19f4c34184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/"
              },
              {
                "name": "FEDORA-2022-9c9691d058",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221028-0009/"
              },
              {
                "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pcre2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in pcre2-10.40."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 - Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-16T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2022-e56085ba31",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C"
            },
            {
              "url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C"
            },
            {
              "url": "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c"
            },
            {
              "name": "FEDORA-2022-a3edad0ab6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/"
            },
            {
              "name": "FEDORA-2022-19f4c34184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/"
            },
            {
              "name": "FEDORA-2022-9c9691d058",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221028-0009/"
            },
            {
              "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-1586",
        "datePublished": "2022-05-16T00:00:00.000Z",
        "dateReserved": "2022-05-05T00:00:00.000Z",
        "dateUpdated": "2025-03-06T08:18:54.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-20454 (GCVE-0-2019-20454)

    Vulnerability from cvelistv5 – Published: 2020-02-14 00:00 – Updated: 2024-08-05 02:39
    VLAI
    Summary
    An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:39:09.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=2421"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78338"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=1092"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735494"
              },
              {
                "name": "GLSA-202006-16",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202006-16"
              },
              {
                "name": "FEDORA-2020-b11cf352bd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"
              },
              {
                "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AC:H/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-16T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://bugs.exim.org/show_bug.cgi?id=2421"
            },
            {
              "url": "https://bugs.php.net/bug.php?id=78338"
            },
            {
              "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=1092"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735494"
            },
            {
              "name": "GLSA-202006-16",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202006-16"
            },
            {
              "name": "FEDORA-2020-b11cf352bd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/"
            },
            {
              "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-20454",
        "datePublished": "2020-02-14T00:00:00.000Z",
        "dateReserved": "2020-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:39:09.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8786 (GCVE-0-2017-8786)

    Vulnerability from cvelistv5 – Published: 2017-05-05 00:00 – Updated: 2024-08-05 16:48
    VLAI
    Summary
    pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-05-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:48:22.018Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201710-09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-09"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=697"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=696"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=2079"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-09T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-201710-09",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-09"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=697"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=696"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=2079"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-8786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201710-09",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-09"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=697",
                  "refsource": "MISC",
                  "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=697"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=696",
                  "refsource": "MISC",
                  "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=696"
                },
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=2079",
                  "refsource": "MISC",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=2079"
                },
                {
                  "name": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/",
                  "refsource": "MISC",
                  "url": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-8786",
        "datePublished": "2017-05-05T00:00:00.000Z",
        "dateReserved": "2017-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:48:22.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8399 (GCVE-0-2017-8399)

    Vulnerability from cvelistv5 – Published: 2017-05-01 18:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-05-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:23.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201710-09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-09"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854\u0026view=markup"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=674"
              },
              {
                "name": "98315",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98315"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a \"pattern with very many captures.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-28T16:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-201710-09",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-09"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854\u0026view=markup"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=674"
            },
            {
              "name": "98315",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-8399",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a \"pattern with very many captures.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201710-09",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-09"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854\u0026view=markup",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854\u0026view=markup"
                },
                {
                  "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=674",
                  "refsource": "MISC",
                  "url": "https://vcs.pcre.org/pcre2?view=revision\u0026revision=674"
                },
                {
                  "name": "98315",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-8399",
        "datePublished": "2017-05-01T18:00:00.000Z",
        "dateReserved": "2017-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:23.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7186 (GCVE-0-2017-7186)

    Vulnerability from cvelistv5 – Published: 2017-03-20 00:00 – Updated: 2024-08-05 15:56
    VLAI
    Summary
    libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:56:36.034Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=2052"
              },
              {
                "name": "GLSA-201710-09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-09"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
              },
              {
                "name": "97030",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97030"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
              },
              {
                "name": "RHSA-2018:2486",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2486"
              },
              {
                "name": "GLSA-201710-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-17T09:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=2052"
            },
            {
              "name": "GLSA-201710-09",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-09"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
            },
            {
              "name": "97030",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97030"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
            },
            {
              "name": "RHSA-2018:2486",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2486"
            },
            {
              "name": "GLSA-201710-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-25"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-7186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=2052",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=2052"
                },
                {
                  "name": "GLSA-201710-09",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-09"
                },
                {
                  "name": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
                },
                {
                  "name": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
                },
                {
                  "name": "97030",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97030"
                },
                {
                  "name": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/",
                  "refsource": "MISC",
                  "url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
                },
                {
                  "name": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date",
                  "refsource": "CONFIRM",
                  "url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
                },
                {
                  "name": "RHSA-2018:2486",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2486"
                },
                {
                  "name": "GLSA-201710-25",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-25"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-7186",
        "datePublished": "2017-03-20T00:00:00.000Z",
        "dateReserved": "2017-03-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:56:36.034Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3210 (GCVE-0-2015-3210)

    Vulnerability from cvelistv5 – Published: 2016-12-13 16:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2016:1132 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/74934 vdb-entryx_refsource_BID
    http://rhn.redhat.com/errata/RHSA-2016-2750.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2015/06/01/7 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2015/1… mailing-listx_refsource_MLIST
    https://bugs.exim.org/show_bug.cgi?id=1636 x_refsource_CONFIRM
    Date Public
    2015-05-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:31.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:1132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1132"
              },
              {
                "name": "74934",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74934"
              },
              {
                "name": "RHSA-2016:2750",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
              },
              {
                "name": "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
              },
              {
                "name": "[oss-security] 20151202 Re: Heap Overflow in PCRE",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=1636"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-05-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P\u003cB\u003ec)(?P\u003cB\u003ea(?P=B)))\u003eWGXCREDITS)/, a different vulnerability than CVE-2015-8384."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:1132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1132"
            },
            {
              "name": "74934",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74934"
            },
            {
              "name": "RHSA-2016:2750",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
            },
            {
              "name": "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
            },
            {
              "name": "[oss-security] 20151202 Re: Heap Overflow in PCRE",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=1636"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-3210",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P\u003cB\u003ec)(?P\u003cB\u003ea(?P=B)))\u003eWGXCREDITS)/, a different vulnerability than CVE-2015-8384."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2016:1132",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1132"
                },
                {
                  "name": "74934",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74934"
                },
                {
                  "name": "RHSA-2016:2750",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
                },
                {
                  "name": "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
                },
                {
                  "name": "[oss-security] 20151202 Re: Heap Overflow in PCRE",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
                },
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=1636",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=1636"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3210",
        "datePublished": "2016-12-13T16:00:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:31.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3217 (GCVE-0-2015-3217)

    Vulnerability from cvelistv5 – Published: 2016-12-13 16:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-06-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:31.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:1132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1132"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=1638"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
              },
              {
                "name": "RHSA-2016:1025",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
              },
              {
                "name": "RHSA-2016:2750",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
              },
              {
                "name": "75018",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75018"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-06-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-17T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:1132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1132"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=1638"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
            },
            {
              "name": "RHSA-2016:1025",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
            },
            {
              "name": "RHSA-2016:2750",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
            },
            {
              "name": "75018",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75018"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-3217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2016:1132",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1132"
                },
                {
                  "name": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566",
                  "refsource": "CONFIRM",
                  "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
                },
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=1638",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=1638"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
                },
                {
                  "name": "RHSA-2016:1025",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
                },
                {
                  "name": "RHSA-2016:2750",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
                },
                {
                  "name": "75018",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75018"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3217",
        "datePublished": "2016-12-13T16:00:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:31.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3191 (GCVE-0-2016-3191)

    Vulnerability from cvelistv5 – Published: 2016-03-17 23:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-02-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:58.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "84810",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84810"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
              },
              {
                "name": "RHSA-2016:1132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1132"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
              },
              {
                "name": "RHSA-2016:1025",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/815921"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/815920"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.exim.org/show_bug.cgi?id=1791"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa128"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "84810",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84810"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
            },
            {
              "name": "RHSA-2016:1132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1132"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
            },
            {
              "name": "RHSA-2016:1025",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/815921"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/815920"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=1791"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa128"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2016-3191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "84810",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84810"
                },
                {
                  "name": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489",
                  "refsource": "CONFIRM",
                  "url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
                },
                {
                  "name": "RHSA-2016:1132",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1132"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
                },
                {
                  "name": "RHSA-2016:1025",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
                },
                {
                  "name": "https://bugs.debian.org/815921",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/815921"
                },
                {
                  "name": "https://bugs.debian.org/815920",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/815920"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
                },
                {
                  "name": "https://bugs.exim.org/show_bug.cgi?id=1791",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.exim.org/show_bug.cgi?id=1791"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2016-18",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2016-18"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa128",
                  "refsource": "CONFIRM",
                  "url": "https://bto.bluecoat.com/security-advisory/sa128"
                },
                {
                  "name": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631",
                  "refsource": "CONFIRM",
                  "url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2016-3191",
        "datePublished": "2016-03-17T23:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:58.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }