FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6900e6f1-4a79-11e5-9ad8-14dae9d210b8	pcre -- heap overflow vulnerability Guanxing Wen reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex(). The Heap Overflow vulnerability is caused by the following regular expression. /(?J:(?\|(:(?\|(?'R')(\z(?\|(?'R')(\k'R')\|((?'R')))k'R')\|((?'R')))H'Ak'Rf)\|s(?'R')))/ A dry run of this particular regular expression with pcretest will reports "double free or corruption (!prev)". But it is actually a heap overflow problem. The overflow only affects pcre 8.x branch, pcre2 branch is not affected. Discovery 2015-08-21 Entry 2015-08-24 pcre < 8.37_4 http://seclists.org/oss-sec/2015/q3/295 https://bugs.exim.org/show_bug.cgi?id=1672
497b82e0-f9a0-11e5-92ce-002590263bf5	pcre -- heap overflow vulnerability Mitre reports: The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99\|(:(?\|(?'R')(\k'R')\|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Discovery 2016-02-27 Entry 2016-04-03 pcre < 8.38_1 CVE-2016-1283 ports/208260 https://bugs.exim.org/show_bug.cgi?id=1767
7033b42d-ef09-11e5-b766-14dae9d210b8	pcre -- stack buffer overflow Philip Hazel reports: PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow. Discovery 2016-02-09 Entry 2016-03-21 Modified 2016-03-21 pcre < 8.38 pcre2 < 10.20_1 https://bugs.exim.org/show_bug.cgi?id=1791 CVE-2016-3191

VuXML ID

Description

6900e6f1-4a79-11e5-9ad8-14dae9d210b8

pcre -- heap overflow vulnerability

Guanxing Wen reports:

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex(). The Heap Overflow vulnerability is caused by the following regular expression.

/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/

A dry run of this particular regular expression with pcretest will reports "double free or corruption (!prev)". But it is actually a heap overflow problem. The overflow only affects pcre 8.x branch, pcre2 branch is not affected.

Discovery 2015-08-21
Entry 2015-08-24
pcre

< 8.37_4

http://seclists.org/oss-sec/2015/q3/295
https://bugs.exim.org/show_bug.cgi?id=1672

497b82e0-f9a0-11e5-92ce-002590263bf5

pcre -- heap overflow vulnerability

Mitre reports:

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Discovery 2016-02-27
Entry 2016-04-03
pcre

< 8.38_1

CVE-2016-1283
ports/208260
https://bugs.exim.org/show_bug.cgi?id=1767

7033b42d-ef09-11e5-b766-14dae9d210b8

pcre -- stack buffer overflow

Philip Hazel reports:

PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow.

Discovery 2016-02-09
Entry 2016-03-21
Modified 2016-03-21
pcre

< 8.38

pcre2

< 10.20_1

https://bugs.exim.org/show_bug.cgi?id=1791
CVE-2016-3191