pkg:Debian/pcre3
61 total CVEsCRITICAL11HIGH11MEDIUM4
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2015-3210Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regula…from 0, < 2:8.35-7.2
- from 0, < 2:8.38-2
- from 0, < 8.02-1.1+deb6u1
- CRITICAL9.8CVE-2016-1283The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?…from 0, < 2:8.38-3.1
- CRITICAL9.8CVE-2015-8394PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (inte…from 0, < 2:8.38-1
- CRITICAL9.8CVE-2015-8391The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a den…from 0, < 2:8.38-1
- CRITICAL9.8CVE-2015-8390PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (unin…from 0, < 2:8.38-1
- CRITICAL9.8CVE-2015-8389PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (i…from 0, < 2:8.38-1
- CRITICAL9.8CVE-2015-8386PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to c…from 0, < 2:8.38-1
- CRITICAL9.8CVE-2015-8383PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflo…from 0, < 2:8.38-1
- CRITICAL9.1CVE-2015-5073Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial…from 0, < 2:8.35-7
- HIGH7.8CVE-2015-2325The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (ou…from 0, < 2:8.35-7.2
- HIGH7.8CVE-2017-7246Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a…from 0
- HIGH7.8CVE-2017-7245Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a…from 0
- HIGH7.5CVE-2019-20838libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier,…from 0
- HIGH7.5CVE-2017-11164In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing…from 0
- HIGH7.5CVE-2017-7186libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read acce…from 0, < 2:8.39-3
- HIGH7.5CVE-2017-6004The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled versi…from 0, < 2:8.39-2.1
- HIGH7.5CVE-2015-3217PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of serv…from 0, < 2:8.38-1
- HIGH7.5CVE-2015-8393pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information…from 0, < 2:8.38-1
- HIGH7.3CVE-2014-9769pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a…from 0, < 2:8.38-1
- HIGH7.3CVE-2015-8387PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of servic…from 0, < 2:8.38-1
- MEDIUM5.5CVE-2015-2326The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (…from 0, < 2:8.35-7.2
- MEDIUM5.5CVE-2017-16231In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-…from 0
- MEDIUM5.5CVE-2017-7244The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory…from 0, < 2:8.39-3
- MEDIUM5.3CVE-2020-14155libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.from 0, < 2:8.39-13
- —CVE-2015-8395PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified oth…from 0, < 2:8.38-1
- —CVE-2015-8392PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended…from 0, < 2:8.38-1
- —CVE-2015-8388PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows…from 0, < 2:8.35-7
- —CVE-2015-8385PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote at…from 0, < 2:8.38-1
- —CVE-2015-8384PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows r…from 0, < 2:8.35-7.2
- —CVE-2015-8382The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT…from 0, < 2:8.35-7.2
- —CVE-2015-8381The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R…from 0, < 2:8.38-1
- —CVE-2015-8380The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause…from 0, < 2:8.38-1
- —CVE-2015-2328PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cau…from 0, < 2:8.35-7.2
- —CVE-2015-2327PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which…from 0, < 2:8.35-7.2
- —CVE-2014-8964Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified…from 0, < 2:8.35-3.3
- from 0, < 6.7+7.4-4
- from 0, < 7.6-2.1
- from 0, < 7.4-1+lenny2
- from 0, < 7.6-1
- from 0, < 4.5+7.4-2
- from 0, < 7.4-1+lenny1
- —CVE-2006-7225Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or cras…from 0, < 6.7-1
- —CVE-2006-7226Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular express…from 0, < 6.7-1
- —CVE-2006-7230Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular…from 0, < 7.0-1
- from 0, < 6.2-1
- —CVE-2006-7228Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitra…from 0, < 6.2-1
- —CVE-2007-4766Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a den…from 0, < 7.3-1
- —CVE-2007-1660Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character…from 0, < 7.3-1
- —CVE-2007-4768Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute ar…from 0, < 7.3-1
- from 0, < 7.3-1
- from 0, < 6.7+7.4-2+lenny1
- from 0, < 4.5+7.4-1
- —CVE-2007-4767Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence,…from 0, < 7.3-1
- —CVE-2007-1661Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patter…from 0, < 7.3-1
- —CVE-2007-1662Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and par…from 0, < 7.3-1
- —CVE-2005-4872Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allow…from 0, < 6.2-1
- from 0, < 3.4-1.1woody1
- from 0, < 6.3-0.1etch1
- from 0, < 6.3-1