cve/CVE-2016-3191.md at 694ac234a19db48cd3b1f78eb5f461ab1f6c99f7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

POC

Reference

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Mohzeela/external-secret
https://github.com/RedHatSatellite/satellite-host-cve
https://github.com/marklogic/marklogic-docker
https://github.com/marklogic/marklogic-kubernetes
https://github.com/siddharthraopotukuchi/trivy
https://github.com/t31m0/Vulnerability-Scanner-for-Containers
https://github.com/umahari/security

1.3 KiB Raw Blame History

CVE-2016-3191

Description

POC

Reference

Github

1.3 KiB

Raw Blame History