what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

PCRE 8.41 Buffer Overflow
Posted Dec 21, 2018
Authored by Jiawang Zhang

PCRE version 8.41 suffers from a buffer overflow in the match() function.

tags | exploit, overflow
advisories | CVE-2017-16231
SHA-256 | 3f1207d02f6c9c3867b95b89f18c07e29db058dcc1a59efdfff8b4e9cda80af0

Related Files

Ubuntu Security Notice USN-5665-1
Posted Oct 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5665-1 - It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service. It was discovered that PCRE incorrectly handled certain Unicode encoding. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-6004, CVE-2017-7186
SHA-256 | b56ea2ae108ca957c47bcd08b2711b00b86f2df54d0c53a297262c68909510ac
Ubuntu Security Notice USN-5627-1
Posted Sep 22, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5627-1 - It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-1586
SHA-256 | 7aa38649a545af11b9197793106e2db93bfb4933b2a8c062f9b3ded3df35c13e
Red Hat Security Advisory 2022-5809-01
Posted Aug 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5809-01 - The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Issues addressed include an out of bounds read vulnerability.

tags | advisory, perl
systems | linux, redhat
advisories | CVE-2022-1586
SHA-256 | 64b425ad6e0c78a1c1ba9124284ad8737404322d84451098989ae4c1b8e87b2c
Red Hat Security Advisory 2022-5251-01
Posted Jul 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5251-01 - The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Issues addressed include an out of bounds read vulnerability.

tags | advisory, perl
systems | linux, redhat
advisories | CVE-2022-1586, CVE-2022-1587
SHA-256 | 7f82598fb861b54efea0b9faf6de8baf9b04240de2e408afbe72628bf8b9ec0e
Ubuntu Security Notice USN-5425-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5425-1 - Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to have unexpected behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-20838, CVE-2020-14155
SHA-256 | ea665c758fe5de20b97d3df163ec0752b6694b10d447a57081c46cc5ea9bc553
Red Hat Security Advisory 2021-4373-04
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4373-04 - PCRE is a Perl-compatible regular expression library. Issues addressed include buffer over-read and integer overflow vulnerabilities.

tags | advisory, overflow, perl, vulnerability
systems | linux, redhat
advisories | CVE-2019-20838, CVE-2020-14155
SHA-256 | ca72ff34862c269bf762247e88771ab452e6cdd816234e639ece99fd0c3520b2
Cloud Filter Arbitrary File Creation / Privilege Escalation
Posted Jan 12, 2021
Authored by Grant Willcox, James Foreshaw | Site metasploit.com

This Metasploit module exploits a vulnerability in cldflt.sys. The Cloud Filter driver on Windows 10 v1803 and later, prior to the December 2020 updates, did not set the IO_FORCE_ACCESS_CHECK or OBJ_FORCE_ACCESS_CHECK flags when calling FltCreateFileEx() and FltCreateFileEx2() within its HsmpOpCreatePlaceholders() function with attacker controlled input. This meant that files were created with KernelMode permissions, thereby bypassing any security checks that would otherwise prevent a normal user from being able to create files in directories they don't have permissions to create files in. This module abuses this vulnerability to perform a DLL hijacking attack against the Microsoft Storage Spaces SMP service, which grants the attacker code execution as the NETWORK SERVICE user. Users are strongly encouraged to set the PAYLOAD option to one of the Meterpreter payloads, as doing so will allow them to subsequently escalate their new session from NETWORK SERVICE to SYSTEM by using Meterpreter's "getsystem" command to perform RPCSS Named Pipe Impersonation and impersonate the SYSTEM user.

tags | exploit, code execution
systems | windows
advisories | CVE-2020-1170, CVE-2020-17136
SHA-256 | 5bdffeb4ef0091f8099814e9f3a61b1346960497efc651c7566901fb62b98d96
Red Hat Security Advisory 2020-4539-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4539-01 - The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Issues addressed include an out of bounds read vulnerability.

tags | advisory, perl
systems | linux, redhat
advisories | CVE-2019-20454
SHA-256 | 85ae2ee99e09e6bac32e8e92d2c468b6cd968e67d1fed53521d14fe7af425698
Gentoo Linux Security Advisory 202006-16
Posted Jun 15, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-16 - A vulnerability in PCRE2 could lead to a Denial of Service condition. Versions less than 10.34 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2019-20454
SHA-256 | 57da0d9204af8a43fb45c4739f71349910a036ba3b401093fa100f72812d7054
Gentoo Linux Security Advisory 201710-25
Posted Oct 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-25 - Multiple vulnerabilities have been found in the PCRE Library, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 8.41 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-7186, CVE-2017-7244, CVE-2017-7245, CVE-2017-7246
SHA-256 | 2193225aa04df440a7b00f39ed529a699177212702436597ca09649b8e8a3b5d
Gentoo Linux Security Advisory 201710-09
Posted Oct 9, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-9 - Multiple vulnerabilities have been found in PCRE2, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 10.30 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-7186, CVE-2017-8399, CVE-2017-8786
SHA-256 | 20f523049d179f433a84ec3a91aabdb6f7eace5bee5670114dfc29cc2783f19a
Gentoo Linux Security Advisory 201706-11
Posted Jun 7, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-11 - A vulnerability in PCRE library allows remote attackers to cause a Denial of Service condition. Versions less than 8.40-r1 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2017-6004
SHA-256 | 250d4bd3b61b0522d8ea3153c2e55479fd0cae62f924a217a3dd6988f8609e09
Gentoo Linux Security Advisory 201607-02
Posted Jul 8, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-2 - Multiple vulnerabilities have been found in libpcre, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 8.38-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-8964, CVE-2015-5073, CVE-2015-8380, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395, CVE-2016-1283
SHA-256 | 610bc68fe418743a268ef53de8330b101b2d1f80475dba23ecbd24b775cb2ca7
Slackware Security Advisory - pcre Updates
Posted Jun 21, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pcre packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-1283
SHA-256 | bb81087a01aaa55a52449ed8212fae7cacd64a6f7ca7e3768406ad119f003424
Red Hat Security Advisory 2016-1132-01
Posted May 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1132-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library, to implement regular expression support in SQL queries. Security Fix: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.

tags | advisory, perl
systems | linux, redhat
advisories | CVE-2015-3210, CVE-2015-3217, CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395, CVE-2016-0505, CVE-2016-0546
SHA-256 | 16f38212bccb8010e708385b790d7d201292446b0a15ee643f9c173716e06293
Red Hat Security Advisory 2016-1025-01
Posted May 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1025-01 - PCRE is a Perl-compatible regular expression library. Security Fix: Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to crash or, possibly, execute arbitrary code.

tags | advisory, arbitrary, perl
systems | linux, redhat
advisories | CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2016-3191
SHA-256 | b2b35b4379b6f976409d37d4c2a6be0a872ba2f001636d92ba874517e52302c6
Ubuntu Security Notice USN-2943-1
Posted Mar 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2943-1 - It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9769, CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-5073, CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395, CVE-2016-1283, CVE-2016-3191
SHA-256 | 6cbac82f606750aa69956cb42539b0ebda39d70b7a7b4d1a637a32d433f9abaf
Adobe Flash PCRE Regex Complication Logic Issue
Posted Mar 28, 2016
Authored by Google Security Research, markbrand

There's a logic error in the PCRE engine version used in Adobe Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-0318
SHA-256 | 7634c378b901e854196bb2c6638f9cdaaeebb56a0a8e8bedc196af24d7ed49f8
Slackware Security Advisory - pcre Updates
Posted Nov 25, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pcre packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-3210
SHA-256 | 6b622a8497108bd0b45667aa432a5e68a79cc42f3e823428ac3c4c7d028c898e
Flash PCRE Regex Compilation Zero-length Assertion Arbitrary Bytecode Execution
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-3042
SHA-256 | f100f0c5cc96a2a407b46491520f1bce43ba7ca526f4e6c69f5887bf768c2eca
Ubuntu Security Notice USN-2694-1
Posted Aug 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2694-1 - Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Kai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8964, CVE-2015-2325, CVE-2015-2326, CVE-2015-3210, CVE-2015-5073
SHA-256 | 8804417254216ccc530798963467d9a6a6c33083c90ac34da9d1be7bcc0c39c8
Mandriva Linux Security Advisory 2015-137
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-137 - A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8964
SHA-256 | 3f1acf93b81dd2f291d5c88b3fdbd7075ea2f9e1852e2d13d0088a3fa3175a93
Adobe Flash Player PCRE Regex Logic Error
Posted Mar 18, 2015
Authored by sinn3r, Mark Brand | Site metasploit.com

This Metasploit module exploits a vulnerability found in Adobe Flash Player. A compilation logic error in the PCRE engine, specifically in the handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode.

tags | exploit, arbitrary
advisories | CVE-2015-0318
SHA-256 | 1641e648bb596d49cb885ae8a06d070b985c8aa9c12581f0fbac21adc6d108a6
Red Hat Security Advisory 2015-0330-02
Posted Mar 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0330-02 - PCRE is a Perl-compatible regular expression library. A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions. This update also adds the following enhancement: Support for the little-endian variant of IBM Power Systems has been added to the pcre packages.

tags | advisory, perl
systems | linux, redhat
advisories | CVE-2014-8964
SHA-256 | dac1fdb5f71a85809e56a712ba7a3db8546be205b97f7ec4f7128b364b177f7b
Mandriva Linux Security Advisory 2015-002
Posted Jan 5, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-002 - A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8964
SHA-256 | 2ffcd11f97716e4151519925f517a82754da69cdc9cadec64fd85a07d8718635
Page 1 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close