First published: Mon Mar 30 2015(Updated: )
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rxspencer Project Rxspencer | =3.8.g5 | |
Canonical Ubuntu Linux | =10.04 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
Canonical Ubuntu Linux | =15.04 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 | |
PHP PHP | >=5.4.0<5.4.39 | |
PHP PHP | >=5.5.0<5.5.23 | |
PHP PHP | >=5.6.0<5.6.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.