PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
