pcre security advisories
4 threat alerts tracking vulnerabilities and security advisories that affect pcre products.
Vulnios monitors pcre CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent pcre security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2015-3210 — pcre — pcre2, pcre
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(
criticalCVE-2015-3210Critical Vulnerability: CVE-2016-3191 — pcre — pcre, pcre2
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parenth
criticalCVE-2016-3191Critical Vulnerability: CVE-2017-8399 — pcre — pcre2
PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."
criticalCVE-2017-8399Critical Vulnerability: CVE-2017-8786 — pcre — pcre2
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.
criticalCVE-2017-8786
Track pcre exposure across your environment
Vulnios automatically cross-references your asset inventory against new pcre CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan