PCRE before 8.38 mishandles the [: and substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
The product uses or accesses a resource that has not been initialized.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Perl_compatible_regular_expression_library | Pcre | * | 8.37 (including) |