The PCRE library is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5.

The source code audit of the PCRE2 library was carried out by two testers and one test lead from the Cure53 team throughout September and October 2015.

The audit took twenty days to complete and yielded 29 issues overall. Only one of the results was considered to be of critical severity, while the majority of the remaining problems ranged between moderate and low severity levels. This strongly indicates that the library’s code is of good quality and the application’s level of maturity is rather high. However, note that the audit was performed manually and did not involve any fuzzing or other automated tool-assisted techniques.

The full audit and summary of findings can be found below.

PCRE Audit