FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  456560
Date:      2017-12-17
Time:      18:50:00Z
Committer: zeising

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6900e6f1-4a79-11e5-9ad8-14dae9d210b8pcre -- heap overflow vulnerability

Guanxing Wen reports:

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex(). The Heap Overflow vulnerability is caused by the following regular expression.


A dry run of this particular regular expression with pcretest will reports "double free or corruption (!prev)". But it is actually a heap overflow problem. The overflow only affects pcre 8.x branch, pcre2 branch is not affected.

Discovery 2015-08-21
Entry 2015-08-24
lt 8.37_4
7033b42d-ef09-11e5-b766-14dae9d210b8pcre -- stack buffer overflow

Philip Hazel reports:

PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow.

Discovery 2016-02-09
Entry 2016-03-21
Modified 2016-03-21
lt 8.38

lt 10.20_1
497b82e0-f9a0-11e5-92ce-002590263bf5pcre -- heap overflow vulnerability

Mitre reports:

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Discovery 2016-02-27
Entry 2016-04-03
lt 8.38_1