The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'){97)?J)?J)(?'R'(?'R'){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libpcre3": "1:8.31-2ubuntu2.1", "libpcrecpp0-dbgsym": "1:8.31-2ubuntu2.1", "libpcre3-udeb": "1:8.31-2ubuntu2.1", "libpcre3-dev-dbgsym": "1:8.31-2ubuntu2.1", "libpcre3-dbgsym": "1:8.31-2ubuntu2.1", "libpcre3-udeb-dbgsym": "1:8.31-2ubuntu2.1", "pcregrep": "1:8.31-2ubuntu2.1", "pcregrep-dbgsym": "1:8.31-2ubuntu2.1", "libpcre3-dbg": "1:8.31-2ubuntu2.1", "libpcrecpp0": "1:8.31-2ubuntu2.1", "libpcre3-dev": "1:8.31-2ubuntu2.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libpcre32-3": "2:8.38-3.1", "pcregrep-dbgsym": "2:8.38-3.1", "libpcre16-3": "2:8.38-3.1", "libpcrecpp0v5-dbgsym": "2:8.38-3.1", "libpcre3-dbg": "2:8.38-3.1", "libpcre3": "2:8.38-3.1", "libpcre32-3-dbgsym": "2:8.38-3.1", "libpcre3-udeb": "2:8.38-3.1", "libpcre3-dev-dbgsym": "2:8.38-3.1", "libpcre3-dbgsym": "2:8.38-3.1", "libpcre3-udeb-dbgsym": "2:8.38-3.1", "pcregrep": "2:8.38-3.1", "libpcre16-3-dbgsym": "2:8.38-3.1", "libpcre3-dev": "2:8.38-3.1", "libpcrecpp0v5": "2:8.38-3.1" } ] }