Lucene search

[email protected]CVE-2005-2491

HistoryAug 23, 2005 - 4:00 a.m.

CVE-2005-2491

2005-08-2304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2491

integer overflow

pcre

regular expressions

python

ethereal

php

arbitrary code execution

heap-based buffer overflow

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

CPENameOperatorVersion
pcre:pcrepcreeq5.0
pcre:pcrepcreeq6.0
pcre:pcrepcreeq6.1

CPE	Name	Operator	Version
pcre:pcre	pcre	eq	5.0
pcre:pcre	pcre	eq	6.0
pcre:pcre	pcre	eq	6.1

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt

ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

docs.info.apple.com/article.html?artnum=302847

itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

marc.info/?l=bugtraq&m=112605112027335&w=2

marc.info/?l=bugtraq&m=112606064317223&w=2

marc.info/?l=bugtraq&m=130497311408250&w=2

secunia.com/advisories/16502

secunia.com/advisories/16679

secunia.com/advisories/17252

secunia.com/advisories/17813

secunia.com/advisories/19072

secunia.com/advisories/19193

secunia.com/advisories/19532

secunia.com/advisories/21522

secunia.com/advisories/22691

secunia.com/advisories/22875

securityreason.com/securityalert/604

securitytracker.com/id?1014744

sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

support.avaya.com/elmodocs2/security/ASA-2005-216.pdf

support.avaya.com/elmodocs2/security/ASA-2005-223.pdf

support.avaya.com/elmodocs2/security/ASA-2006-081.htm

support.avaya.com/elmodocs2/security/ASA-2006-159.htm

www.debian.org/security/2005/dsa-800

www.debian.org/security/2005/dsa-817

www.debian.org/security/2005/dsa-819

www.debian.org/security/2005/dsa-821

www.ethereal.com/appnotes/enpa-sa-00021.html

www.gentoo.org/security/en/glsa/glsa-200508-17.xml

www.gentoo.org/security/en/glsa/glsa-200509-02.xml

www.gentoo.org/security/en/glsa/glsa-200509-08.xml

www.gentoo.org/security/en/glsa/glsa-200509-12.xml

www.gentoo.org/security/en/glsa/glsa-200509-19.xml

www.novell.com/linux/security/advisories/2005_48_pcre.html

www.novell.com/linux/security/advisories/2005_49_php.html

www.novell.com/linux/security/advisories/2005_52_apache2.html

www.php.net/release_4_4_1.php

www.redhat.com/support/errata/RHSA-2005-358.html

www.redhat.com/support/errata/RHSA-2005-761.html

www.redhat.com/support/errata/RHSA-2006-0197.html

www.securityfocus.com/archive/1/427046/100/0/threaded

www.securityfocus.com/archive/1/428138/100/0/threaded

www.securityfocus.com/bid/14620

www.securityfocus.com/bid/15647

www.vupen.com/english/advisories/2005/1511

www.vupen.com/english/advisories/2005/2659

www.vupen.com/english/advisories/2006/0789

www.vupen.com/english/advisories/2006/4320

www.vupen.com/english/advisories/2006/4502

lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

Related for CVE-2005-2491

nessus37 openvas25 redhat3 gentoo5 freebsd1 ubuntucve1 debian8 osv4 slackware4 ubuntu3 centos5 httpd1 securityvulns8 debiancve1 suse4 oraclelinux1