Information on source package pcre3

Available versions

ReleaseVersion
jessie2:8.35-3.3+deb8u4
stretch2:8.39-3
buster2:8.39-12
bullseye2:8.39-13
bookworm2:8.39-15
sid2:8.39-15.1

Open issues

BugjessiestretchbusterbullseyebookwormsidDescription
TEMP-0827564-93E4E3vulnerable (no DSA)fixedfixedfixedfixedfixedStack corruption from crafted pattern
CVE-2020-14155vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedlibpcre in PCRE before 8.44 allows an integer overflow via a large num ...
CVE-2017-7244vulnerable (no DSA)fixedfixedfixedfixedfixedThe _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...
CVE-2017-7186vulnerable (no DSA)fixedfixedfixedfixedfixedlibpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attacke ...
CVE-2015-3217vulnerable (no DSA)fixedfixedfixedfixedfixedPCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormsidDescription
CVE-2019-20838vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablelibpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...
CVE-2017-16231vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableIn PCRE 8.41, after compiling, a pcretest load test PoC produces a cra ...
CVE-2017-11164vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableIn PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exe ...
CVE-2017-7246vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableStack-based buffer overflow in the pcre32_copy_substring function in p ...
CVE-2017-7245vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableStack-based buffer overflow in the pcre32_copy_substring function in p ...

Resolved issues

BugDescription
CVE-2017-6004The compile_bracket_matchingpath function in pcre_jit_compile.c in PCR ...
CVE-2016-3191The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 ...
CVE-2016-1283The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles t ...
CVE-2015-8395PCRE before 8.38 mishandles certain references, which allows remote at ...
CVE-2015-8394PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditi ...
CVE-2015-8393pcregrep in PCRE before 8.38 mishandles the -q option for binary files ...
CVE-2015-8392PCRE before 8.38 mishandles certain instances of the (?| substring, wh ...
CVE-2015-8391The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishan ...
CVE-2015-8390PCRE before 8.38 mishandles the [: and \\ substrings in character clas ...
CVE-2015-8389PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related pa ...
CVE-2015-8388PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and ...
CVE-2015-8387PCRE before 8.38 mishandles (?123) subroutine calls and related subrou ...
CVE-2015-8386PCRE before 8.38 mishandles the interaction of lookbehind assertions a ...
CVE-2015-8385PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and rel ...
CVE-2015-8384PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and re ...
CVE-2015-8383PCRE before 8.38 mishandles certain repeated conditional groups, which ...
CVE-2015-8382The match function in pcre_exec.c in PCRE before 8.37 mishandles the / ...
CVE-2015-8381The compile_regex function in pcre_compile.c in PCRE before 8.38 and p ...
CVE-2015-8380The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a ...
CVE-2015-5073Heap-based buffer overflow in the find_fixedlength function in pcre_co ...
CVE-2015-3210Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 a ...
CVE-2015-2328PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...
CVE-2015-2327PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and re ...
CVE-2015-2326The pcre_compile2 function in PCRE before 8.37 allows context-dependen ...
CVE-2015-2325The compile_branch function in PCRE before 8.37 allows context-depende ...
CVE-2014-9769pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to o ...
CVE-2014-8964Heap-based buffer overflow in PCRE 8.36 and earlier allows remote atta ...
CVE-2008-2371Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Re ...
CVE-2008-0674Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...
CVE-2007-4768Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE ...
CVE-2007-4767Perl-Compatible Regular Expression (PCRE) library before 7.3 does not ...
CVE-2007-4766Multiple integer overflows in Perl-Compatible Regular Expression (PCRE ...
CVE-2007-1662Perl-Compatible Regular Expression (PCRE) library before 7.3 reads pas ...
CVE-2007-1661Perl-Compatible Regular Expression (PCRE) library before 7.3 backtrack ...
CVE-2007-1660Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...
CVE-2007-1659Perl-Compatible Regular Expression (PCRE) library before 7.3 allows co ...
CVE-2006-7230Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...
CVE-2006-7228Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...
CVE-2006-7227Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...
CVE-2006-7226Perl-Compatible Regular Expression (PCRE) library before 6.7 does not ...
CVE-2006-7225Perl-Compatible Regular Expression (PCRE) library before 6.7 allows co ...
CVE-2005-4872Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...
CVE-2005-2491Integer overflow in pcre_compile.c in Perl Compatible Regular Expressi ...

Security announcements

DSA / DLADescription
DLA-441-1pcre3 - security update
DSA-1602-1pcre3 - arbitrary code execution
DSA-1499-1pcre3 - arbitrary code execution
DSA-1399-1pcre3 - arbitrary code execution
DSA-800-1pcre3 - integer overflow

Search for package or bug name: Reporting problems