CVE-2005-2491
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
89.8%
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Affected configurations
References
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
docs.info.apple.com/article.html?artnum=302847
itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
marc.info/?l=bugtraq&m=112605112027335&w=2
marc.info/?l=bugtraq&m=112606064317223&w=2
marc.info/?l=bugtraq&m=130497311408250&w=2
secunia.com/advisories/16502
secunia.com/advisories/16679
secunia.com/advisories/17252
secunia.com/advisories/17813
secunia.com/advisories/19072
secunia.com/advisories/19193
secunia.com/advisories/19532
secunia.com/advisories/21522
secunia.com/advisories/22691
secunia.com/advisories/22875
securityreason.com/securityalert/604
securitytracker.com/id?1014744
sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
support.avaya.com/elmodocs2/security/ASA-2006-081.htm
support.avaya.com/elmodocs2/security/ASA-2006-159.htm
www.debian.org/security/2005/dsa-800
www.debian.org/security/2005/dsa-817
www.debian.org/security/2005/dsa-819
www.debian.org/security/2005/dsa-821
www.ethereal.com/appnotes/enpa-sa-00021.html
www.gentoo.org/security/en/glsa/glsa-200508-17.xml
www.gentoo.org/security/en/glsa/glsa-200509-02.xml
www.gentoo.org/security/en/glsa/glsa-200509-08.xml
www.gentoo.org/security/en/glsa/glsa-200509-12.xml
www.gentoo.org/security/en/glsa/glsa-200509-19.xml
www.novell.com/linux/security/advisories/2005_48_pcre.html
www.novell.com/linux/security/advisories/2005_49_php.html
www.novell.com/linux/security/advisories/2005_52_apache2.html
www.php.net/release_4_4_1.php
www.redhat.com/support/errata/RHSA-2005-358.html
www.redhat.com/support/errata/RHSA-2005-761.html
www.redhat.com/support/errata/RHSA-2006-0197.html
www.securityfocus.com/archive/1/427046/100/0/threaded
www.securityfocus.com/archive/1/428138/100/0/threaded
www.securityfocus.com/bid/14620
www.securityfocus.com/bid/15647
www.vupen.com/english/advisories/2005/1511
www.vupen.com/english/advisories/2005/2659
www.vupen.com/english/advisories/2006/0789
www.vupen.com/english/advisories/2006/4320
www.vupen.com/english/advisories/2006/4502
lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
89.8%