Description
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.