1470 matches found
CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...
Integer overflow
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...
CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...
CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...
CVE-2015-2305
CVE-2015-2305 describes an integer/heap overflow in the Henry Spencer BSD regex library (rxspencer), specifically in regcomp on 32-bit platforms. The issue can be triggered by a very large regular expression, potentially allowing context-dependent attackers to execute arbitrary code via a heap-ba...
CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...
Fedora 20 : ettercap-0.8.2-1.fc20 (2015-4020)
0.8.2-Ferri Bug Fix !! Fixed some openssl deprecated functions usage !! Fixed log file ownership !! Fixed mixed output print !! Fixed dropprivs function usage !! Fixed nopromisc option usage. !! Fixed missing break in parser code. !! Improved redirect commands !! Fix truncated VLAN packet headers...
Debian DLA-113-1 : bsd-mailx security update
It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...
Fedora 22 : ettercap-0.8.2-1.fc22 (2015-4009)
0.8.2-Ferri Bug Fix !! Fixed some openssl deprecated functions usage !! Fixed log file ownership !! Fixed mixed output print !! Fixed dropprivs function usage !! Fixed nopromisc option usage. !! Fixed missing break in parser code. !! Improved redirect commands !! Fix truncated VLAN packet headers...
Taming the wild copy: Parallel Thread Corruption
Posted by Chris Evans, Winner of the occasional race Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handing, the vulnerability caused a memcpy call with a negative length with the destination on the stack. Of...
Internet Bug Bounty: Heap overflow in H. Spencer’s regex library on 32 bit systems
The IBB's programs provide a great incentive for me to find vulnerabilities in open source software. With this one I set out to find a vulnerability in PHP and discovered that the vulnerability that I found exists in a wider constellation of applications, including BSD libc's. IBB's Alex Rice's...
Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Overview A regular expressions C library originally written by Henry Spencer is vulnerable to a heap overflow in some circumstances. Description CWE-122: Heap-based Buffer Overflow From the researcher, the variable len that holds the length of a regular expression string is "enlarged to such an...
Ubuntu: Security Advisory (USN-2455-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : bsd-mailx vulnerability (USN-2455-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2455-1 advisory. It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could...
USN-2455-1 bsd-mailx vulnerability
It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and...
USN-2455-1: bsd-mailx vulnerability
It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and...
CVE-2004-2771
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address...
UBUNTU-CVE-2004-2771
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address...
CVE-2004-2771
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address...
AZL-36961 CVE-2004-2771 affecting package mailx for versions less than 12.5-36
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address...