CVE-2005-2491

critical

Description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

http://www.vupen.com/english/advisories/2006/4502

http://www.vupen.com/english/advisories/2006/4320

http://www.vupen.com/english/advisories/2006/0789

http://www.vupen.com/english/advisories/2005/2659

http://www.vupen.com/english/advisories/2005/1511

http://www.securityfocus.com/bid/15647

http://www.securityfocus.com/bid/14620

http://www.securityfocus.com/archive/1/428138/100/0/threaded

http://www.securityfocus.com/archive/1/427046/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2006-0197.html

http://www.redhat.com/support/errata/RHSA-2005-761.html

http://www.redhat.com/support/errata/RHSA-2005-358.html

http://www.php.net/release_4_4_1.php

http://www.novell.com/linux/security/advisories/2005_52_apache2.html

http://www.novell.com/linux/security/advisories/2005_49_php.html

http://www.novell.com/linux/security/advisories/2005_48_pcre.html

http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml

http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml

http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

http://www.ethereal.com/appnotes/enpa-sa-00021.html

http://www.debian.org/security/2005/dsa-821

http://www.debian.org/security/2005/dsa-819

http://www.debian.org/security/2005/dsa-817

http://www.debian.org/security/2005/dsa-800

http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf

http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

http://securitytracker.com/id?1014744

http://securityreason.com/securityalert/604

http://secunia.com/advisories/22875

http://secunia.com/advisories/22691

http://secunia.com/advisories/21522

http://secunia.com/advisories/19532

http://secunia.com/advisories/19193

http://secunia.com/advisories/19072

http://secunia.com/advisories/17813

http://secunia.com/advisories/17252

http://secunia.com/advisories/16679

http://secunia.com/advisories/16502

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://marc.info/?l=bugtraq&m=112606064317223&w=2

http://marc.info/?l=bugtraq&m=112605112027335&w=2

http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

http://docs.info.apple.com/article.html?artnum=302847

Details

Source: Mitre, NVD

Published: 2005-08-23

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical