ALT-PU-2016-1611-1
Closed vulnerabilities
Modified: 2025-04-12
CVE-2016-1283
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/79825
- http://www.securitytracker.com/id/1034555
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bto.bluecoat.com/security-advisory/sa128
- https://bugs.exim.org/show_bug.cgi?id=1767
- https://security.gentoo.org/glsa/201607-02
- https://www.tenable.com/security/tns-2016-18
- https://www.tenable.com/security/tns-2017-14
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/79825
- http://www.securitytracker.com/id/1034555
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bto.bluecoat.com/security-advisory/sa128
- https://bugs.exim.org/show_bug.cgi?id=1767
- https://security.gentoo.org/glsa/201607-02
- https://www.tenable.com/security/tns-2016-18
- https://www.tenable.com/security/tns-2017-14
Modified: 2025-04-12
CVE-2016-3191
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
- http://rhn.redhat.com/errata/RHSA-2016-1025.html
- http://vcs.pcre.org/pcre2?view=revision&revision=489
- http://vcs.pcre.org/pcre?view=revision&revision=1631
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/84810
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bto.bluecoat.com/security-advisory/sa128
- https://bugs.debian.org/815920
- https://bugs.debian.org/815921
- https://bugs.exim.org/show_bug.cgi?id=1791
- https://bugzilla.redhat.com/show_bug.cgi?id=1311503
- https://www.tenable.com/security/tns-2016-18
- http://rhn.redhat.com/errata/RHSA-2016-1025.html
- http://vcs.pcre.org/pcre2?view=revision&revision=489
- http://vcs.pcre.org/pcre?view=revision&revision=1631
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/84810
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bto.bluecoat.com/security-advisory/sa128
- https://bugs.debian.org/815920
- https://bugs.debian.org/815921
- https://bugs.exim.org/show_bug.cgi?id=1791
- https://bugzilla.redhat.com/show_bug.cgi?id=1311503
- https://www.tenable.com/security/tns-2016-18
Modified: 2025-04-20
CVE-2017-6004
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
- http://www.securityfocus.com/bid/96295
- http://www.securitytracker.com/id/1037850
- https://access.redhat.com/errata/RHSA-2018:2486
- https://bugs.exim.org/show_bug.cgi?id=2035
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201706-11
- https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
- http://www.securityfocus.com/bid/96295
- http://www.securitytracker.com/id/1037850
- https://access.redhat.com/errata/RHSA-2018:2486
- https://bugs.exim.org/show_bug.cgi?id=2035
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201706-11
- https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch