
CVE-2015-2305

Date: (C)2015-04-07   (M)2024-02-22


Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1031947
BID-72611
APPLE-SA-2015-09-30-3
DSA-3195
RHSA-2015:1053
RHSA-2015:1066
SSRT102066
SUSE-SU-2015:0868
SUSE-SU-2015:0946
USN-2572-1
USN-2594-1
VU#695940
http://openwall.com/lists/oss-security/2015/02/07/14
http://openwall.com/lists/oss-security/2015/03/11/8
http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
http://php.net/ChangeLog-5.php
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
https://support.apple.com/HT205267
openSUSE-SU-2015:0644
openSUSE-SU-2015:0906

CPE    7
cpe:/o:opensuse:opensuse:13.1
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/a:php:php
...
CWE    1
CWE-190
OVAL    20
oval:org.secpod.oval:def:702542
oval:org.secpod.oval:def:108806
oval:org.secpod.oval:def:52473
oval:org.secpod.oval:def:1200063
...

© SecPod Technologies