Lucene search

K
nvd[email protected]NVD:CVE-2005-2491
HistoryAug 23, 2005 - 4:00 a.m.

CVE-2005-2491

2005-08-2304:00:00
web.nvd.nist.gov
9

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.018

Percentile

88.5%

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Affected configurations

Nvd
Node
pcrepcreMatch5.0
OR
pcrepcreMatch6.0
OR
pcrepcreMatch6.1
VendorProductVersionCPE
pcrepcre5.0cpe:2.3:a:pcre:pcre:5.0:*:*:*:*:*:*:*
pcrepcre6.0cpe:2.3:a:pcre:pcre:6.0:*:*:*:*:*:*:*
pcrepcre6.1cpe:2.3:a:pcre:pcre:6.1:*:*:*:*:*:*:*

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.018

Percentile

88.5%