The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "libpcre3" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "libpcre3-dbg" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "libpcre3-dbgsym" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "libpcre3-dev" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "libpcre3-dev-dbgsym" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "libpcre3-udeb" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "libpcre3-udeb-dbgsym" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "libpcrecpp0" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "libpcrecpp0-dbgsym" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "pcregrep" }, { "binary_version": "1:8.31-2ubuntu2.2", "binary_name": "pcregrep-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "10.21-1", "binary_name": "libpcre2-16-0" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-16-0-dbgsym" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-32-0" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-32-0-dbgsym" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-8-0" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-8-0-dbgsym" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-dbg" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-dev" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-dev-dbgsym" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-posix0" }, { "binary_version": "10.21-1", "binary_name": "libpcre2-posix0-dbgsym" }, { "binary_version": "10.21-1", "binary_name": "pcre2-utils" }, { "binary_version": "10.21-1", "binary_name": "pcre2-utils-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2:8.38-3", "binary_name": "libpcre16-3" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre16-3-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-dbg" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-dev" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-dev-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-udeb" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre3-udeb-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre32-3" }, { "binary_version": "2:8.38-3", "binary_name": "libpcre32-3-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "libpcrecpp0v5" }, { "binary_version": "2:8.38-3", "binary_name": "libpcrecpp0v5-dbgsym" }, { "binary_version": "2:8.38-3", "binary_name": "pcregrep" }, { "binary_version": "2:8.38-3", "binary_name": "pcregrep-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "10.31-2", "binary_name": "libpcre2-16-0" }, { "binary_version": "10.31-2", "binary_name": "libpcre2-32-0" }, { "binary_version": "10.31-2", "binary_name": "libpcre2-8-0" }, { "binary_version": "10.31-2", "binary_name": "libpcre2-8-0-udeb" }, { "binary_version": "10.31-2", "binary_name": "libpcre2-dbg" }, { "binary_version": "10.31-2", "binary_name": "libpcre2-dev" }, { "binary_version": "10.31-2", "binary_name": "libpcre2-posix0" }, { "binary_version": "10.31-2", "binary_name": "pcre2-utils" } ] }