The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < ee4222052a76559c20e821bc3519cefb58b6d3e9 |