threatengine.sh
Product
pcre
58 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-58050
all versions
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-over
9.1
CRITICAL
CVE-2022-41409
< 10.41
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impact
7.5
HIGH
CVE-2022-1587
< 10.40
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit
9.1
CRITICAL
CVE-2022-1586
< 10.40
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2
9.1
CRITICAL
CVE-2020-14155
< 8.44
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
5.3
MEDIUM
CVE-2019-20838
< 8.43
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed qu
7.5
HIGH
CVE-2019-20454
>= 10.31 and < 10.34
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted
7.5
HIGH
CVE-2015-2326
< 8.37
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of
5.5
MEDIUM
CVE-2015-2325
< 8.37
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of se
7.8
HIGH
CVE-2017-16231
all versions
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because o
5.5
MEDIUM
CVE-2017-11164
all versions
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when pr
7.5
HIGH
CVE-2017-8786
all versions
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unsp
9.8
CRITICAL
CVE-2017-8399
< 10.30
PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with
9.8
CRITICAL
CVE-2017-7246
all versions
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers t
7.8
HIGH
CVE-2017-7245
all versions
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers t
7.8
HIGH
CVE-2017-7244
all versions
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invali
5.5
MEDIUM
CVE-2017-7186
all versions
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for
7.5
HIGH
CVE-2017-6004
<= 8.38
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bund
7.5
HIGH
CVE-2015-5073
<= 8.37
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause
9.1
CRITICAL
CVE-2015-3217
all versions
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denia
7.5
HIGH
CVE-2015-3210
all versions
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a craft
9.8
CRITICAL
CVE-2014-9769
all versions
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers t
7.3
HIGH
CVE-2016-3191
<= 10.21
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles pattern
9.8
CRITICAL
CVE-2016-1283
all versions
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\
9.8
CRITICAL
CVE-2015-8395
<= 8.37
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspec
CVE-2015-8394
<= 8.37
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of serv
9.8
CRITICAL
CVE-2015-8393
<= 8.37
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive inf
7.5
HIGH
CVE-2015-8392
<= 8.37
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (un
CVE-2015-8391
< 8.38
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to ca
9.8
CRITICAL
CVE-2015-8390
<= 8.37
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of serv
9.8
CRITICAL
CVE-2015-8389
<= 8.37
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of s
9.8
CRITICAL
CVE-2015-8388
<= 8.37
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, whi
CVE-2015-8387
<= 8.37
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial
7.3
HIGH
CVE-2015-8386
<= 8.37
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attac
9.8
CRITICAL
CVE-2015-8385
<= 8.37
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows
CVE-2015-8384
<= 8.37
PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which
CVE-2015-8383
<= 8.37
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffe
9.8
CRITICAL
CVE-2015-8382
all versions
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|
CVE-2015-8381
<= 8.37
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|
CVE-2015-8380
<= 8.37
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers
CVE-2015-2328
<= 8.35
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attacke
CVE-2015-2327
<= 8.35
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back reference
CVE-2014-8964
<= 8.36
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other uns
CVE-2008-2371
all versions
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent
CVE-2008-0674
<= 7.5
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a charact
CVE-2006-7225
all versions
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (erro
CVE-2006-7230
<= 6.9
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compile
CVE-2006-7228
<= 6.6
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execut
CVE-2006-7227
<= 6.6
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arb
CVE-2007-4768
<= 6.0
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to e
CVE-2007-4767
<= 6.0
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P s
CVE-2007-4766
<= 7.3
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to ca
CVE-2007-1662
<= 7.3
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched bracket
CVE-2007-1661
<= 7.2
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some reg
CVE-2007-1660
<= 6.9
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of
CVE-2007-1659
<= 7.3
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (cras
CVE-2005-4872
<= 6.1
Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, wh
CVE-2005-2491
all versions
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin