Rapid7 Vulnerability & Exploit Database

SUSE-SA:2005:048: pcre integer overflows

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2005:048: pcre integer overflows

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

08/30/2005

Created

07/25/2018

Added

11/08/2005

Modified

11/18/2015

Description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Solution(s)

References

https://attackerkb.com/topics/cve-2005-2491
APPLE-SA-2005-11-29
14620
15647
CVE - 2005-2491
DSA-800
DSA-817
DSA-819
DSA-821
OVAL11516
OVAL1496
OVAL1659
OVAL735
RHSA-2005:358
RHSA-2005:761
RHSA-2006:0197
20060401-01-U
SUSE-SA:2005:048
SUSE-SA:2005:049
SUSE-SA:2005:051
SUSE-SA:2005:052
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1496
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1659
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:735
http://securityreason.com/securityalert/604
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
http://www.ethereal.com/appnotes/enpa-sa-00021.html
http://www.frsirt.com/english/advisories/2005/1511
http://www.frsirt.com/english/advisories/2005/2659
http://www.frsirt.com/english/advisories/2006/0789
http://www.frsirt.com/english/advisories/2006/4320
http://www.frsirt.com/english/advisories/2006/4502
http://www.novell.com/linux/security/advisories/2005_48_pcre.html
http://www.php.net/release_4_4_1.php
http://www.securityfocus.com/archive/1/archive/1/427046/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;