FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
497b82e0-f9a0-11e5-92ce-002590263bf5	pcre -- heap overflow vulnerability Mitre reports: The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99\|(:(?\|(?'R')(\k'R')\|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Discovery 2016-02-27 Entry 2016-04-03 pcre < 8.38_1 CVE-2016-1283 ports/208260 https://bugs.exim.org/show_bug.cgi?id=1767
7033b42d-ef09-11e5-b766-14dae9d210b8	pcre -- stack buffer overflow Philip Hazel reports: PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow. Discovery 2016-02-09 Entry 2016-03-21 Modified 2016-03-21 pcre < 8.38 pcre2 < 10.20_1 https://bugs.exim.org/show_bug.cgi?id=1791 CVE-2016-3191

VuXML ID

Description

497b82e0-f9a0-11e5-92ce-002590263bf5

pcre -- heap overflow vulnerability

Mitre reports:

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Discovery 2016-02-27
Entry 2016-04-03
pcre

< 8.38_1

CVE-2016-1283
ports/208260
https://bugs.exim.org/show_bug.cgi?id=1767

7033b42d-ef09-11e5-b766-14dae9d210b8

pcre -- stack buffer overflow

Philip Hazel reports:

PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow.

Discovery 2016-02-09
Entry 2016-03-21
Modified 2016-03-21
pcre

< 8.38

pcre2

< 10.20_1

https://bugs.exim.org/show_bug.cgi?id=1791
CVE-2016-3191