FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
497b82e0-f9a0-11e5-92ce-002590263bf5pcre -- heap overflow vulnerability

Mitre reports:

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.


Discovery 2016-02-27
Entry 2016-04-03
pcre
< 8.38_1

CVE-2016-1283
ports/208260
https://bugs.exim.org/show_bug.cgi?id=1767
ff0acfb4-3efa-11e5-93ad-002590263bf5pcre -- heap overflow vulnerability in '(?|' situations

Venustech ADLAB reports:

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex. Exploits with advanced Heap Fengshui techniques may allow an attacker to execute arbitrary code in the context of the user running the affected application.

Latest version of PCRE is prone to a Heap Overflow vulnerability which could caused by the following regular expression.

/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/


Discovery 2015-08-05
Entry 2015-08-10
pcre
le 8.37_2

ports/202209
https://bugs.exim.org/show_bug.cgi?id=1667
4a88e3ed-00d3-11e5-a072-d050996490d0pcre -- multiple vulnerabilities

PCRE development team reports:

A pattern such as "((?2){0,1999}())?", which has a group containing a forward reference repeated a large (but limited) number of times within a repeated outer group that has a zero minimum quantifier, caused incorrect code to be compiled, leading to the error "internal error: previously-checked referenced subpattern not found" when an incorrect memory address was read. This bug was reported as "heap overflow", discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number CVE-2015-2325.

A pattern such as "((?+1)(\1))/" containing a forward reference subroutine call within a group that also contained a recursive back reference caused incorrect code to be compiled. This bug was reported as "heap overflow", discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE number CVE-2015-2326.


Discovery 2015-04-28
Entry 2015-05-22
Modified 2015-06-07
pcre
< 8.37

CVE-2015-2325
CVE-2015-2326
http://www.pcre.org/original/changelog.txt
8a1d0e63-1e07-11e5-b43d-002590263bf5pcre -- Heap Overflow Vulnerability in find_fixedlength()

Venustech ADLAB reports:

PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed.

One could at least exploit this issue to read objects nearby of the affected application's memory.

Such information disclosure may also be used to bypass memory protection method such as ASLR.


Discovery 2015-06-23
Entry 2015-06-29
pcre
le 8.37_1

CVE-2015-5073
https://bugs.exim.org/show_bug.cgi?id=1651
http://vcs.pcre.org/pcre?view=revision&revision=1571
http://www.openwall.com/lists/oss-security/2015/06/26/1
6900e6f1-4a79-11e5-9ad8-14dae9d210b8pcre -- heap overflow vulnerability

Guanxing Wen reports:

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex(). The Heap Overflow vulnerability is caused by the following regular expression.

/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/

A dry run of this particular regular expression with pcretest will reports "double free or corruption (!prev)". But it is actually a heap overflow problem. The overflow only affects pcre 8.x branch, pcre2 branch is not affected.


Discovery 2015-08-21
Entry 2015-08-24
pcre
< 8.37_4

http://seclists.org/oss-sec/2015/q3/295
https://bugs.exim.org/show_bug.cgi?id=1672
7033b42d-ef09-11e5-b766-14dae9d210b8pcre -- stack buffer overflow

Philip Hazel reports:

PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow.


Discovery 2016-02-09
Entry 2016-03-21
Modified 2016-03-21
pcre
< 8.38

pcre2
< 10.20_1

https://bugs.exim.org/show_bug.cgi?id=1791
CVE-2016-3191
e69af246-0ae2-11e5-90e4-d050996490d0pcre -- multiple vulnerabilities

Venustech ADLAB reports:

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex.

PCRE library is prone to a vulnerability which leads to Stack Overflow. Without enough bound checking inside match(), the stack memory could be overflowed via a crafted regular expression.


Discovery 2015-05-29
Entry 2015-06-04
Modified 2015-06-07
pcre
< 8.37_1

CVE-2015-3210
CVE-2015-3217
https://bugs.exim.org/show_bug.cgi?id=1636
https://bugs.exim.org/show_bug.cgi?id=1638