Description
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Remediation
References
Related Vulnerabilities
WordPress Plugin Website FAQ 'website-faq-widget.php' SQL Injection (1.0)
Dot CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-37033)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-2348)
WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (12.0.4)