CVE-2005-2491

HIGH

Description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt

ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

http://docs.info.apple.com/article.html?artnum=302847

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

http://marc.info/?l=bugtraq&m=112605112027335&w=2

http://marc.info/?l=bugtraq&m=112606064317223&w=2

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://secunia.com/advisories/16502

http://secunia.com/advisories/16679

http://secunia.com/advisories/17252

http://secunia.com/advisories/17813

http://secunia.com/advisories/19072

http://secunia.com/advisories/19193

http://secunia.com/advisories/19532

http://secunia.com/advisories/21522

http://secunia.com/advisories/22691

http://secunia.com/advisories/22875

http://securityreason.com/securityalert/604

http://securitytracker.com/id?1014744

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf

http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm

http://www.debian.org/security/2005/dsa-800

http://www.debian.org/security/2005/dsa-817

http://www.debian.org/security/2005/dsa-819

http://www.debian.org/security/2005/dsa-821

http://www.ethereal.com/appnotes/enpa-sa-00021.html

http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml

http://www.novell.com/linux/security/advisories/2005_48_pcre.html

http://www.novell.com/linux/security/advisories/2005_49_php.html

http://www.novell.com/linux/security/advisories/2005_52_apache2.html

http://www.php.net/release_4_4_1.php

http://www.redhat.com/support/errata/RHSA-2005-358.html

http://www.redhat.com/support/errata/RHSA-2005-761.html

http://www.redhat.com/support/errata/RHSA-2006-0197.html

http://www.securityfocus.com/archive/1/427046/100/0/threaded

http://www.securityfocus.com/archive/1/428138/100/0/threaded

http://www.securityfocus.com/bid/14620

http://www.securityfocus.com/bid/15647

http://www.vupen.com/english/advisories/2005/1511

http://www.vupen.com/english/advisories/2005/2659

http://www.vupen.com/english/advisories/2006/0789

http://www.vupen.com/english/advisories/2006/4320

http://www.vupen.com/english/advisories/2006/4502

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735

Details

Source: MITRE

Published: 2005-08-23

Updated: 2018-10-19

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH