PCRE library buffer overflow

Buffer overflow on regular expression compiling...

PCRE: Buffer overflow

Background PCRE is a Perl-compatible regular expression library. GLib includes a copy of PCRE. Description Tavis Ormandy of the Google Security team reported a heap-based buffer overflow when compiling regular expression patterns containing "Internal Option Settings" such as "?i ". Impact A remot...

[SECURITY] Fedora 8 Update: pcre-7.3-4.fc8

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

DSA-1602-1 pcre3 - arbitrary code execution

Bulletin has no description...

mod_perl PerlRun denial of service

PerlRun.pm in Apache modperl before 1.30, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...

Mambo Component Articles (artid) Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================ Mambo Component Articles artid Blind SQL Injection Exploit ============================================================ !/usr/bin/perl use LWP::UserAgent; use Getopt::Long;...

Important: Red Hat Security Advisory: perl security update

Updated perl packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration...

Perl: Execution of arbitrary code

Background Perl is a stable, cross platform programming language. Description Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters. Impact A remote attacker could possibly explo...

Red Hat目录服务器LDAP查询缓冲区溢出漏洞

BUGTRAQ ID: 29126 CVECAN ID: CVE-2008-1677 Red Hat目录服务器是用于集中管理应用设置、组数据、策略等内容的基于LDAP的服务器。 Red Hat目录服务器使用固定大小的缓冲区储存LDAP搜索中所使用的正则表达式，在将用户提供的LDAP请求中的搜索模式翻译成正则表达式时可能会触发缓冲区溢出，导致slapd守护程序崩溃或执行任意代码。任何可以执行LDAP搜索的用户都可以触发这个溢出，如果ACL允许匿名访问（默认配置）的话也包括匿名用户。 RedHat Directory Server 8.0 RedHat Directory Server 7....

CVE-2008-1677

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service slapd crash and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression...

Buffer overflow

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service slapd crash and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression...

CVE-2008-1677

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service slapd crash and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression...

perl buffer overflow

Heap memory overflow on regular expression handling...

CVE-2008-1927

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service memory corruption and crash via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems...

Double free

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service memory corruption and crash via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems...

CVE-2008-1927

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service memory corruption and crash via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems...

CVE-2008-1927

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service memory corruption and crash via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems...

Integer overflow

Integer overflow in the PCRE regular expression compiler JavaScriptCore/pcre/pcrecompile.cpp in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflo...

CVE-2008-1026

Integer overflow in the PCRE regular expression compiler JavaScriptCore/pcre/pcrecompile.cpp in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflo...

Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

a. Updated pcre Service Console package addresses several security issuesThe pcre package contains the Perl-Compatible Regular Expression library. pcre is used by various Service Console utilities. Several security issues were discovered in the way PCRE handles regular expressions. If an...