PCRE before 8.36 mishandles the /(((a2)|(a*)g ))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers t