CVE-2005-2491

Severity

75%

Complexity

99%

Confidentiality

106%

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

PCRE

First reported 19 years ago

2005-08-23 04:00:00

Last updated 6 years ago

2018-10-19 15:33:00

Affected Software

PCRE 5.0

5.0

PCRE 6.0

6.0

PCRE 6.1

6.1

References

SCOSA-2006.10

20060401-01-U

APPLE-SA-2005-11-29

SSRT061238

TSLSA-2005-0059

SUSE-SA:2005:051

OpenPKG-SA-2005.018

SSRT090208

16502

16679

17252

17813

19072

19193

19532

21522

22691

22875

604

1014744

Patch

102198

http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf

http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm

DSA-800

DSA-817

DSA-819

DSA-821

http://www.ethereal.com/appnotes/enpa-sa-00021.html

GLSA-200508-17

GLSA-200509-02

GLSA-200509-08

GLSA-200509-12

GLSA-200509-19

SUSE-SA:2005:048

SUSE-SA:2005:049

SUSE-SA:2005:052

http://www.php.net/release_4_4_1.php

RHSA-2005:358

RHSA-2005:761

RHSA-2006:0197

FLSA:168516

SSRT051251

14620

15647

ADV-2005-1511

ADV-2005-2659

ADV-2006-0789

ADV-2006-4320

ADV-2006-4502

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:11516

oval:org.mitre.oval:def:1496

oval:org.mitre.oval:def:1659

oval:org.mitre.oval:def:735
