Description
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (12.0.4)
WordPress Plugin .htaccess Redirect Cross-Site Scripting (0.3.1)
PHP Other Vulnerability (CVE-2007-1886)
WordPress Plugin Responsive Lightbox by dFactory Cross-Site Scripting (1.7.1)
PostgreSQL Integer Overflow or Wraparound Vulnerability (CVE-2023-5869)