Description
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Remediation
References