Description
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Remediation
References
Related Vulnerabilities
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4393)
Magento Insufficient Session Expiration Vulnerability (CVE-2019-8149)
WordPress Plugin Relevanssi Premium-A Better Search Multiple Vulnerabilities (1.14.4)
WordPress Plugin Gallery for Social Photo Cross-Site Request Forgery (1.0.0.27)
WordPress Plugin Videox7 UGC 'listid' Parameter Cross-Site Scripting (2.5.3.2)