The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libpcre3": "1:8.31-2ubuntu2.1", "libpcrecpp0-dbgsym": "1:8.31-2ubuntu2.1", "libpcre3-udeb": "1:8.31-2ubuntu2.1", "libpcre3-dev-dbgsym": "1:8.31-2ubuntu2.1", "libpcre3-dbgsym": "1:8.31-2ubuntu2.1", "libpcre3-udeb-dbgsym": "1:8.31-2ubuntu2.1", "pcregrep": "1:8.31-2ubuntu2.1", "pcregrep-dbgsym": "1:8.31-2ubuntu2.1", "libpcre3-dbg": "1:8.31-2ubuntu2.1", "libpcrecpp0": "1:8.31-2ubuntu2.1", "libpcre3-dev": "1:8.31-2ubuntu2.1" } ] }