Debian Pcre3 vulnerabilities
52 known vulnerabilities affecting debian/pcre3.
Total CVEs: 52
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 12, MEDIUM 11, LOW 20
Vulnerabilities
Page 2 of 3
CVE-2015-8388 | HIGH | CVSS 7.5 | fixed in pcre3 2:8.35-7 (bookworm) | 2015
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Scope: local
bookwor
debian
CVE-2015-8381 | HIGH | CVSS 7.5 | fixed in pcre3 2:8.38-1 (bookworm) | 2015
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a den
debian
CVE-2015-8392 | HIGH | CVSS 7.5 | fixed in pcre3 2:8.38-1 (bookworm) | 2015
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
Sc
debian
CVE-2015-8395 | HIGH | CVSS 7.5 | fixed in pcre3 2:8.38-1 (bookworm) | 2015
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
Scope: local
bookworm: resolved (fixed in 2:8.38-1)
bullseye: res
debian
CVE-2015-3217 | HIGH | CVSS 7.5 | fixed in pcre3 2:8.38-1 (bookworm) | 2015
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
Scope: local
bookworm: resolved (fixed in 2:8.38-1)
bullseye: resolved (fixed in 2:8.38-1)
debian
CVE-2015-8385 | HIGH | CVSS 7.5 | fixed in pcre3 2:8.38-1 (bookworm) | 2015
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Scope: local
bookworm: resolve
debian
CVE-2015-8387 | HIGH | CVSS 7.3 | fixed in pcre3 2:8.38-1 (bookworm) | 2015
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Scope: local
bookworm: resolved (fixed in 2:8.38-1)
bullseye: re
debian
CVE-2015-8393 | HIGH | CVSS 7.5 | fixed in pcre3 2:8.38-1 (bookworm) | 2015
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
Scope: local
bookworm: resolved (fixed in 2:8.38-1)
bullseye: resolved (fixed in 2:8.38-1)
debian
CVE-2015-2326 | MEDIUM | CVSS 5.5 | fixed in pcre3 2:8.35-7.2 (bookworm) | 2015
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
Scope: local
bookworm: resolved (fixed in 2:8.35-7.2)
debian
CVE-2015-8382 | MEDIUM | CVSS 6.4 | fixed in pcre3 2:8.35-7.2 (bookworm) | 2015
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafte
debian
CVE-2015-2328 | LOW | CVSS 7.5 | fixed in pcre3 2:8.35-7.2 (bookworm) | 2015
CVE-2015-2328 [HIGH] CVE-2015-2328: pcre3 - PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns w...
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Scope: local
bookworm: resolved (fixed in
debian
CVE-2015-8380 | LOW | CVSS 7.5 | fixed in pcre3 2:8.38-1 (bookworm) | 2015
CVE-2015-8380 [HIGH] CVE-2015-8380: pcre2 - The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // patter...
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Scope: local
bookworm: resolved
bul
debian
CVE-2015-2325 | LOW | CVSS 7.8 | fixed in pcre3 2:8.35-7.2 (bookworm) | 2015
CVE-2015-2325 [HIGH] CVE-2015-2325: pcre3 - The compile_branch function in PCRE before 8.37 allows context-dependent attacke...
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum q
debian
CVE-2015-2327 | LOW | CVSS 7.5 | fixed in pcre3 2:8.35-7.2 (bookworm) | 2015
CVE-2015-2327 [HIGH] CVE-2015-2327: pcre3 - PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patt...
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Scope: local
b
debian
CVE-2014-9769 | HIGH | CVSS 7.3 | fixed in pcre3 2:8.38-1 (bookworm) | 2014
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
S
debian
CVE-2014-8964 | MEDIUM | CVSS 5.0 | fixed in pcre3 2:8.35-3.3 (bookworm) | 2014
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
Scope: local
bookworm: resolved (fixed in 2:8.35-3.3)
bullseye: resolved (fixed in 2:8.35-3.3)
debian
CVE-2008-2371 | MEDIUM | CVSS 7.5 | fixed in pcre3 7.6-2.1 (bookworm) | 2008
CVE-2008-2371 [HIGH] CVE-2008-2371: pcre3 - Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expr...
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
Scope: local
bookworm: resolved (fixed in 7.6-2.1)
bullseye: resolved (fixe
debian
CVE-2008-0674 | MEDIUM | CVSS 7.5 | fixed in pcre3 7.6-1 (bookworm) | 2008
CVE-2008-0674 [HIGH] CVE-2008-0674: pcre3 - Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary ...
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
Scope: local
bookworm: resolved (fixed in 7.6-1)
bullseye: resolved (fixed in 7.6-1)
debian
CVE-2007-1660 | LOW | CVSS 6.8 | fixed in glib2.0 2.14.3-1 (bookworm) | 2007
CVE-2007-1660 [MEDIUM] CVE-2007-1660: glib2.0 - Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly c...
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Scope: local
bookworm: resolved (fixed in 2.14.3-1)
bullseye: resolved (f
debian
CVE-2007-1662 | LOW | CVSS 5.0 | fixed in glib2.0 2.14.3-1 (bookworm) | 2007
CVE-2007-1662 [MEDIUM] CVE-2007-1662: glib2.0 - Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end ...
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
Scope: local
bookworm: resolved (fixed in 2.14.3-1)
bullseye: resolved (fixed in 2.14.3-1)
forky: res
debian