CVE-2005-2491: Buffer Overflow
First published: Mon Aug 22 2005(Updated: )
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pcre Pcre | =5.0 | |
| Pcre Pcre | =6.0 | |
| Pcre Pcre | =6.1 | |
| =5.0 | ||
| =6.0 | ||
| =6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/14620
- http://securitytracker.com/id?1014744
- http://www.debian.org/security/2005/dsa-800
- http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml
- http://www.redhat.com/support/errata/RHSA-2005-761.html
- http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
- http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
- http://www.debian.org/security/2005/dsa-819
- http://www.debian.org/security/2005/dsa-817
- http://www.debian.org/security/2005/dsa-821
- http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://www.ethereal.com/appnotes/enpa-sa-00021.html
- http://www.php.net/release_4_4_1.php
- http://docs.info.apple.com/article.html?artnum=302847
- http://www.securityfocus.com/bid/15647
- http://secunia.com/advisories/17813
- http://secunia.com/advisories/16502
- http://secunia.com/advisories/16679
- http://www.redhat.com/support/errata/RHSA-2006-0197.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
- http://secunia.com/advisories/19072
- http://www.redhat.com/support/errata/RHSA-2005-358.html
- http://secunia.com/advisories/19193
- http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
- http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
- http://secunia.com/advisories/17252
- http://secunia.com/advisories/19532
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://www.novell.com/linux/security/advisories/2005_48_pcre.html
- http://www.novell.com/linux/security/advisories/2005_49_php.html
- http://www.novell.com/linux/security/advisories/2005_52_apache2.html
- http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
- http://secunia.com/advisories/21522
- http://secunia.com/advisories/22691
- http://secunia.com/advisories/22875
- http://securityreason.com/securityalert/604
- http://www.vupen.com/english/advisories/2006/0789
- http://www.vupen.com/english/advisories/2006/4502
- http://www.vupen.com/english/advisories/2006/4320
- http://www.vupen.com/english/advisories/2005/1511
- http://www.vupen.com/english/advisories/2005/2659
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://marc.info/?l=bugtraq&m=112606064317223&w=2
- http://marc.info/?l=bugtraq&m=112605112027335&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516
- http://www.securityfocus.com/archive/1/428138/100/0/threaded
- http://www.securityfocus.com/archive/1/427046/100/0/threaded
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- collector/nvd-historical
- collector/nvd-index
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/references
- agent/softwarecombine
- agent/author
- agent/description
- agent/remedy
- agent/weakness
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/pcre
- canonical/pcre pcre
- version/pcre pcre/5.0
- version/pcre pcre/6.0
- version/pcre pcre/6.1