CVE-2005-2491high
Description
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
References
http://www.securityfocus.com/bid/14620
http://securitytracker.com/id?1014744
http://www.debian.org/security/2005/dsa-800
http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml
http://www.redhat.com/support/errata/RHSA-2005-761.html
http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
http://www.debian.org/security/2005/dsa-819
http://www.debian.org/security/2005/dsa-817
http://www.debian.org/security/2005/dsa-821
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://www.ethereal.com/appnotes/enpa-sa-00021.html
http://www.php.net/release_4_4_1.php
http://docs.info.apple.com/article.html?artnum=302847
http://www.securityfocus.com/bid/15647
http://secunia.com/advisories/17813
http://secunia.com/advisories/16502
http://secunia.com/advisories/16679
http://www.redhat.com/support/errata/RHSA-2006-0197.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://secunia.com/advisories/19072
http://www.redhat.com/support/errata/RHSA-2005-358.html
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
http://secunia.com/advisories/19193
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://secunia.com/advisories/17252
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://secunia.com/advisories/19532
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.novell.com/linux/security/advisories/2005_48_pcre.html
http://www.novell.com/linux/security/advisories/2005_49_php.html
http://www.novell.com/linux/security/advisories/2005_52_apache2.html
http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
http://secunia.com/advisories/21522
http://secunia.com/advisories/22691
http://secunia.com/advisories/22875
http://securityreason.com/securityalert/604
http://www.vupen.com/english/advisories/2006/0789
http://www.vupen.com/english/advisories/2006/4502
http://www.vupen.com/english/advisories/2006/4320
http://www.vupen.com/english/advisories/2005/1511
http://www.vupen.com/english/advisories/2005/2659
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://marc.info/?l=bugtraq&m=112606064317223&w=2
http://marc.info/?l=bugtraq&m=112605112027335&w=2
http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516
http://www.securityfocus.com/archive/1/428138/100/0/threaded
http://www.securityfocus.com/archive/1/427046/100/0/threaded
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
Details
Source: MITRE
Published: 2005-08-23
Updated: 2021-06-06
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH