Description
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Remediation
References
Related Vulnerabilities
WordPress Plugin OPS Old Post Spinner 'ops_file' Parameter Local File Include (2.2.1)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-11057)
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22903)
MySQL CVE-2016-3614 Vulnerability (CVE-2016-3614)
WordPress Plugin NEX-Forms-The Ultimate WordPress Form Builder Security Bypass (7.8.7)