Open mend-for-github-com[bot] opened 1 year ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerable Source Files (9)
/release/src/router/pcre-8.31/pcre_internal.h
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcreposix.c
/release/src/router/pcre-8.31/pcre_internal.h
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcreposix.c
/release/src/router/pcre-8.31/pcre_internal.h
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcreposix.c
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2016-3191
### Vulnerable Libraries - pcrepcre-8.31, pcrepcre-8.31, pcrepcre-8.31
### Vulnerability Details
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
Publish Date: 2016-03-17
URL: CVE-2016-3191
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-3191
Release Date: 2016-03-17
Fix Resolution: PCRE - 8.39,PCRE2 - 10.22
CVE-2015-8391
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8391
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8391
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8390
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8390
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8390
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8394
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8394
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8394
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8383
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8383
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8383
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8386
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8386
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8386
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8389
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_jit_compile.c
/release/src/router/pcre-8.31/pcre_jit_compile.c
/release/src/router/pcre-8.31/pcre_jit_compile.c
### Vulnerability Details
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8389
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8389
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8393
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcregrep.c
/release/src/router/pcre-8.31/pcregrep.c
/release/src/router/pcre-8.31/pcregrep.c
### Vulnerability Details
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
Publish Date: 2015-12-02
URL: CVE-2015-8393
### CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8393
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2017-6004
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/pcre-8.31/pcre_jit_compile.c
/release/src/router/pcre-8.31/pcre_jit_compile.c
### Vulnerability Details
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
Publish Date: 2017-02-16
URL: CVE-2017-6004
### CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-6004
Release Date: 2017-02-16
Fix Resolution: libpcre - 8.44
CVE-2019-20838
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_jit_compile.c
/release/src/router/pcre-8.31/pcre_jit_compile.c
/release/src/router/pcre-8.31/pcre_jit_compile.c
### Vulnerability Details
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Publish Date: 2020-06-15
URL: CVE-2019-20838
### CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
Release Date: 2020-06-15
Fix Resolution: 8.43
CVE-2014-9769
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_jit_compile.c
/release/src/router/pcre-8.31/pcre_jit_compile.c
/release/src/router/pcre-8.31/pcre_jit_compile.c
### Vulnerability Details
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
Publish Date: 2016-03-28
URL: CVE-2014-9769
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
CVE-2015-8380
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_exec.c
/release/src/router/pcre-8.31/pcre_exec.c
/release/src/router/pcre-8.31/pcre_exec.c
### Vulnerability Details
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8380
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8380
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8381
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8381
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8381
Release Date: 2015-12-02
Fix Resolution: PCRE - 8.38,PCRE2 - 10.2x
CVE-2015-8392
### Vulnerable Libraries - pcrepcre-8.31, pcrepcre-8.31
### Vulnerability Details
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
Publish Date: 2015-12-02
URL: CVE-2015-8392
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8392
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8395
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
Publish Date: 2015-12-02
URL: CVE-2015-8395
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8395
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-2328
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-2328
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-2328
Release Date: 2015-12-02
Fix Resolution: 8.36
CVE-2015-8385
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8385
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8385
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-2327
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-2327
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-2327
Release Date: 2015-12-02
Fix Resolution: 8.36
CVE-2015-8388
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8388
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8388
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8387
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Publish Date: 2015-12-02
URL: CVE-2015-8387
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8387
Release Date: 2015-12-02
Fix Resolution: 8.38
CVE-2015-8382
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_exec.c
/release/src/router/pcre-8.31/pcre_exec.c
/release/src/router/pcre-8.31/pcre_exec.c
### Vulnerability Details
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
Publish Date: 2015-12-02
URL: CVE-2015-8382
### CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8382
Release Date: 2015-12-02
Fix Resolution: 8.37
CVE-2014-8964
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_exec.c
/release/src/router/pcre-8.31/pcre_exec.c
/release/src/router/pcre-8.31/pcre_exec.c
### Vulnerability Details
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
Publish Date: 2014-12-16
URL: CVE-2014-8964
### CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-8964
Release Date: 2014-12-16
Fix Resolution: pcre-debuginfo - 8.32-14,8.32-14;pcre-static - 8.32-14,8.32-14,8.32-14,8.32-14;pcre - 8.32-14,8.32-14,8.32-14,8.32-14,8.32-14;pcre-devel - 8.32-14,8.32-14,8.32-14,8.32-14;pcre-tools - 8.32-14,8.32-14
CVE-2020-14155
### Vulnerable Library - pcrepcre-8.31
PERL 5 regular expression pattern matching
Library home page: https://sourceforge.net/projects/pcre/
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
/release/src/router/pcre-8.31/pcre_compile.c
### Vulnerability Details
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
Publish Date: 2020-06-15
URL: CVE-2020-14155
### CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155
Release Date: 2020-06-15
Fix Resolution: 8.44