Information on source package pcre3

Available versions

ReleaseVersion
wheezy1:8.30-5
jessie2:8.35-3.3+deb8u4
stretch2:8.39-3
sid2:8.39-3

Open issues

BugwheezyjessiestretchsidDescription
TEMP-0827564-93E4E3fixedvulnerable (no DSA)fixedfixedStack corruption from crafted pattern
CVE-2017-7244fixedvulnerable (no DSA)fixedfixedThe _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...
CVE-2017-7186fixedvulnerable (no DSA)fixedfixedlibpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote ...
CVE-2016-3191vulnerable (no DSA)fixedfixedfixedThe compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 ...
CVE-2015-8394vulnerable (no DSA)fixedfixedfixedPCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) ...
CVE-2015-8393vulnerable (no DSA)fixedfixedfixedpcregrep in PCRE before 8.38 mishandles the -q option for binary ...
CVE-2015-8391vulnerable (no DSA)fixedfixedfixedThe pcre_compile function in pcre_compile.c in PCRE before 8.38 ...
CVE-2015-8390vulnerable (no DSA)fixedfixedfixedPCRE before 8.38 mishandles the [: and \\ substrings in character ...
CVE-2015-8388vulnerable (no DSA)fixedfixedfixedPCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and ...
CVE-2015-8387vulnerable (no DSA)fixedfixedfixedPCRE before 8.38 mishandles (?123) subroutine calls and related ...
CVE-2015-8385vulnerable (no DSA)fixedfixedfixedPCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and ...
CVE-2015-8382vulnerable (no DSA)fixedfixedfixedThe match function in pcre_exec.c in PCRE before 8.37 mishandles the ...
CVE-2015-5073vulnerable (no DSA)fixedfixedfixedHeap-based buffer overflow in the find_fixedlength function in ...
CVE-2015-3217vulnerable (no DSA)vulnerable (no DSA)fixedfixedPCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty ...
CVE-2015-2328vulnerable (no DSA)fixedfixedfixedPCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...
CVE-2015-2327vulnerable (no DSA)fixedfixedfixedPCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and ...
CVE-2014-8964vulnerable (no DSA)fixedfixedfixedHeap-based buffer overflow in PCRE 8.36 and earlier allows remote ...

Open unimportant issues

BugwheezyjessiestretchsidDescription
CVE-2017-7246fixedvulnerablevulnerablevulnerableStack-based buffer overflow in the pcre32_copy_substring function in ...
CVE-2017-7245fixedvulnerablevulnerablevulnerableStack-based buffer overflow in the pcre32_copy_substring function in ...
CVE-2015-2325vulnerablefixedfixedfixedheap buffer overflow in compile_branch()

Resolved issues

BugDescription
CVE-2017-6004The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE ...
CVE-2016-1283The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles ...
CVE-2015-8395PCRE before 8.38 mishandles certain references, which allows remote ...
CVE-2015-8392PCRE before 8.38 mishandles certain instances of the (?| substring, ...
CVE-2015-8389PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related ...
CVE-2015-8386PCRE before 8.38 mishandles the interaction of lookbehind assertions ...
CVE-2015-8384PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and ...
CVE-2015-8383PCRE before 8.38 mishandles certain repeated conditional groups, which ...
CVE-2015-8381The compile_regex function in pcre_compile.c in PCRE before 8.38 and ...
CVE-2015-8380The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a ...
CVE-2015-3210Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 ...
CVE-2015-2326heap buffer overflow in pcre_compile2()
CVE-2014-9769pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to ...
CVE-2008-2371Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible ...
CVE-2008-0674Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...
CVE-2007-4768Heap-based buffer overflow in Perl-Compatible Regular Expression ...
CVE-2007-4767Perl-Compatible Regular Expression (PCRE) library before 7.3 does not ...
CVE-2007-4766Multiple integer overflows in Perl-Compatible Regular Expression ...
CVE-2007-1662Perl-Compatible Regular Expression (PCRE) library before 7.3 reads ...
CVE-2007-1661Perl-Compatible Regular Expression (PCRE) library before 7.3 ...
CVE-2007-1660Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...
CVE-2007-1659Perl-Compatible Regular Expression (PCRE) library before 7.3 allows ...
CVE-2006-7230Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...
CVE-2006-7228Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...
CVE-2006-7227Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...
CVE-2006-7226Perl-Compatible Regular Expression (PCRE) library before 6.7 does not ...
CVE-2006-7225Perl-Compatible Regular Expression (PCRE) library before 6.7 allows ...
CVE-2005-4872Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...
CVE-2005-2491Integer overflow in pcre_compile.c in Perl Compatible Regular ...

Security announcements

DSA / DLADescription
DLA-441-1pcre3 - security update
DSA-1602-1pcre3 - arbitrary code execution
DSA-1499-1pcre3 - arbitrary code execution
DSA-1499-1pcre3 - arbitrary code execution
DSA-1399-1pcre3 - arbitrary code execution
DSA-1399-1pcre3 - arbitrary code execution
DSA-800-1pcre3 - integer overflow
DSA-800-1pcre3 - integer overflow

Search for package or bug name: Reporting problems