The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libpcre3", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcre3-dbg", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcre3-dbgsym", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcre3-dev", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcre3-dev-dbgsym", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcre3-udeb", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcre3-udeb-dbgsym", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcrecpp0", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcrecpp0-dbgsym", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "pcregrep", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "pcregrep-dbgsym", "binary_version": "1:8.31-2ubuntu2.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libpcre2-16-0", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-16-0-dbgsym", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-32-0", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-32-0-dbgsym", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-8-0", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-8-0-dbgsym", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-dbg", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-dev", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-dev-dbgsym", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-posix0", "binary_version": "10.21-1" }, { "binary_name": "libpcre2-posix0-dbgsym", "binary_version": "10.21-1" }, { "binary_name": "pcre2-utils", "binary_version": "10.21-1" }, { "binary_name": "pcre2-utils-dbgsym", "binary_version": "10.21-1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libpcre16-3", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre16-3-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-dbg", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-dev", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-dev-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-udeb", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre3-udeb-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre32-3", "binary_version": "2:8.38-3" }, { "binary_name": "libpcre32-3-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "libpcrecpp0v5", "binary_version": "2:8.38-3" }, { "binary_name": "libpcrecpp0v5-dbgsym", "binary_version": "2:8.38-3" }, { "binary_name": "pcregrep", "binary_version": "2:8.38-3" }, { "binary_name": "pcregrep-dbgsym", "binary_version": "2:8.38-3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libpcre2-16-0", "binary_version": "10.31-2" }, { "binary_name": "libpcre2-32-0", "binary_version": "10.31-2" }, { "binary_name": "libpcre2-8-0", "binary_version": "10.31-2" }, { "binary_name": "libpcre2-8-0-udeb", "binary_version": "10.31-2" }, { "binary_name": "libpcre2-dbg", "binary_version": "10.31-2" }, { "binary_name": "libpcre2-dev", "binary_version": "10.31-2" }, { "binary_name": "libpcre2-posix0", "binary_version": "10.31-2" }, { "binary_name": "pcre2-utils", "binary_version": "10.31-2" } ] }