CVE-2005-2491

high

Description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

References

http://www.securityfocus.com/bid/14620

http://securitytracker.com/id?1014744

http://www.debian.org/security/2005/dsa-800

http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml

http://www.redhat.com/support/errata/RHSA-2005-761.html

http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml

http://www.debian.org/security/2005/dsa-819

http://www.debian.org/security/2005/dsa-817

http://www.debian.org/security/2005/dsa-821

http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml

http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

http://www.ethereal.com/appnotes/enpa-sa-00021.html

http://www.php.net/release_4_4_1.php

http://docs.info.apple.com/article.html?artnum=302847

http://www.securityfocus.com/bid/15647

http://secunia.com/advisories/17813

http://secunia.com/advisories/16502

http://secunia.com/advisories/16679

http://www.redhat.com/support/errata/RHSA-2006-0197.html

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

http://secunia.com/advisories/19072

http://www.redhat.com/support/errata/RHSA-2005-358.html

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt

http://secunia.com/advisories/19193

http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf

http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf

http://secunia.com/advisories/17252

ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

http://secunia.com/advisories/19532

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://www.novell.com/linux/security/advisories/2005_48_pcre.html

http://www.novell.com/linux/security/advisories/2005_49_php.html

http://www.novell.com/linux/security/advisories/2005_52_apache2.html

http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm

http://secunia.com/advisories/21522

http://secunia.com/advisories/22691

http://secunia.com/advisories/22875

http://securityreason.com/securityalert/604

http://www.vupen.com/english/advisories/2006/0789

http://www.vupen.com/english/advisories/2006/4502

http://www.vupen.com/english/advisories/2006/4320

http://www.vupen.com/english/advisories/2005/1511

http://www.vupen.com/english/advisories/2005/2659

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://marc.info/?l=bugtraq&m=112606064317223&w=2

http://marc.info/?l=bugtraq&m=112605112027335&w=2

http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516

http://www.securityfocus.com/archive/1/428138/100/0/threaded

http://www.securityfocus.com/archive/1/427046/100/0/threaded

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2005-08-23

Updated: 2021-06-06

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH