Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3564
HistoryJul 07, 2008 - 12:00 a.m.

PCRE pcre_compile.c文件堆溢出漏洞

2008-07-0700:00:00
Root
www.seebug.org
23

0.003 Low

EPSS

Percentile

64.8%

JSON

CVE(CAN) ID: CVE-2008-2371

PCRE(Perl兼容正则表达式)库是个开放源代码的软件,可提供正则表达式支持。

当PCRE在启动模式(pattern)指定选项的时候,为了防止将其不必要的编译到字节代码,会如pcre_compile()选项所指定的方式传送回调用程序(也就是/(?i)a|b/ == /a|b/i)。如果模式包含有多个分支的话,就会意外的将新选项回传的过远,仅有第一个分支获得了新的标记,而在第二次编译传送的时候会一直设置新的标记,导致大小计算传送和实际的编译传送之间出现不匹配,这可能触发堆溢出。

PCRE 7.7
厂商补丁:

Debian

Debian已经为此发布了一个安全公告(DSA-1602-1)以及相应补丁:
DSA-1602-1:New pcre3 packages fix arbitrary code execution
链接:<a href=“http://www.debian.org/security/2008/dsa-1602” target=“_blank”>http://www.debian.org/security/2008/dsa-1602</a>

补丁下载:

Source archives:

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.dsc” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.dsc</a>
Size/MD5 checksum: 888 9ef88cd7ab592b3799211018f8d20f63
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.diff.gz” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.diff.gz</a>
Size/MD5 checksum: 83574 2d9686b5b3a5480aa528bd89cdea12a6
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz</a>
Size/MD5 checksum: 1106897 de886b22cddc8eaf620a421d3041ee0b

alpha architecture (DEC Alpha)

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_alpha.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_alpha.deb</a>
Size/MD5 checksum: 21038 72545720bee988d70381cf56ac08ab3e
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_alpha.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_alpha.deb</a>
Size/MD5 checksum: 91302 039876d52014e88686119445734f6ec7
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_alpha.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_alpha.deb</a>
Size/MD5 checksum: 264154 19f60bc08e3f2a5d8ca305851f44ef55
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_alpha.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_alpha.deb</a>
Size/MD5 checksum: 209168 f19f07f81f4b9259c7b061faf7d9fc7c

amd64 architecture (AMD x86_64 (AMD64))

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_amd64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_amd64.deb</a>
Size/MD5 checksum: 89984 c92634b92f00d7f41991d58d3ad690bc
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_amd64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_amd64.deb</a>
Size/MD5 checksum: 198552 2760ab9ccf2cdf8b7fec89e4068feba7
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_amd64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_amd64.deb</a>
Size/MD5 checksum: 250032 68f3c4360bc41358bb97f546bcb0e3ce
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_amd64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_amd64.deb</a>
Size/MD5 checksum: 20150 9bed90914b31ea7f11810c3b99d5b5c6

arm architecture (ARM)

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_arm.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_arm.deb</a>
Size/MD5 checksum: 88966 41f8ee2780754174274009055c952079
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_arm.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_arm.deb</a>
Size/MD5 checksum: 19920 f10b8d7a5c6366136813af67d0a8b7ff
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_arm.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_arm.deb</a>
Size/MD5 checksum: 243970 8becd101006adf3dfca88607c07d3086
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_arm.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_arm.deb</a>
Size/MD5 checksum: 198322 b2c55ac5d7a2be62c5b5e8cb6d0c48f2

hppa architecture (HP PA RISC)

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_hppa.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_hppa.deb</a>
Size/MD5 checksum: 92266 b9236279f24acead3acfed524d87d1bd
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_hppa.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_hppa.deb</a>
Size/MD5 checksum: 255722 f0a3084a3683ece8f0c10ffd937ef252
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_hppa.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_hppa.deb</a>
Size/MD5 checksum: 202446 5e552d19b502810cf640eb8c11776736
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_hppa.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_hppa.deb</a>
Size/MD5 checksum: 20726 aa317ebe8c30e18966b3786acc1398b9

i386 architecture (Intel ia32)

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_i386.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_i386.deb</a>
Size/MD5 checksum: 89862 60a49383c76120d08e4d300564b659db
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_i386.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_i386.deb</a>
Size/MD5 checksum: 246934 b20ff56ba4289860f1d09a75abfa3505
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_i386.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_i386.deb</a>
Size/MD5 checksum: 19348 dcded2ff2a56d461e522ac11647ab4f2
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_i386.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_i386.deb</a>
Size/MD5 checksum: 196894 30a9803ec2c737702228c88b121d1544

ia64 architecture (Intel ia64)

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_ia64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_ia64.deb</a>
Size/MD5 checksum: 230688 264ad5d5665e602b2f692b899fd0a5e9
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_ia64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_ia64.deb</a>
Size/MD5 checksum: 25658 538af9aabca0427844e955f028c050e4
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_ia64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_ia64.deb</a>
Size/MD5 checksum: 280674 e4d8e19abeed7202102e94597c4798e8
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_ia64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_ia64.deb</a>
Size/MD5 checksum: 93858 c6cf88e6acf726bd4179658e0f2bbe9e

mips architecture (MIPS (Big Endian))

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mips.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mips.deb</a>
Size/MD5 checksum: 198430 ac574108ba4f6ae4b70179b7d6b5d7c9
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mips.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mips.deb</a>
Size/MD5 checksum: 253526 77b402e25c797abf1f7557e106326667
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mips.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mips.deb</a>
Size/MD5 checksum: 90538 e1671c5b76cca0256a8d41b8f9e419e3
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mips.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mips.deb</a>
Size/MD5 checksum: 20424 766ce624fa24e42d04b53511e1cbed21

mipsel architecture (MIPS (Little Endian))

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mipsel.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mipsel.deb</a>
Size/MD5 checksum: 90520 2dc1625becce40f479e50fdcf075571b
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mipsel.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mipsel.deb</a>
Size/MD5 checksum: 252396 52692425252b9c4263fb2899918d0966
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mipsel.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mipsel.deb</a>
Size/MD5 checksum: 197616 f228905aa01a3ae35801dc9b9b12c0ef
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mipsel.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mipsel.deb</a>
Size/MD5 checksum: 20454 e991967c20b95fe40b0f45acd9eafa1d

powerpc architecture (PowerPC)

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_powerpc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_powerpc.deb</a>
Size/MD5 checksum: 197676 2debc2e40a4b17f562f82e5304ce8f4a
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_powerpc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_powerpc.deb</a>
Size/MD5 checksum: 253048 e442f8398410b41db288e77c36b4cd5f
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_powerpc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_powerpc.deb</a>
Size/MD5 checksum: 92152 bd22696efa2ad001a602c73d614f046c
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_powerpc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_powerpc.deb</a>
Size/MD5 checksum: 21270 88d9a6a11ccb43ad9d7e2f6418875619

s390 architecture (IBM S/390)

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_s390.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_s390.deb</a>
Size/MD5 checksum: 200044 6476b48137e32a76c3c85b09a901c0bc
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_s390.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_s390.deb</a>
Size/MD5 checksum: 90586 de5f46464693e513d4045c0e037585ab
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_s390.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_s390.deb</a>
Size/MD5 checksum: 20108 cdd1618521e5e64d04e5e26a49803b4f
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_s390.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_s390.deb</a>
Size/MD5 checksum: 248498 4de3715c9a55f4aa0ba33fcde49ee7cd

sparc architecture (Sun SPARC/UltraSPARC)

<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_sparc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_sparc.deb</a>
Size/MD5 checksum: 197656 06f3298311fba7fb8bb4a072372c79b4
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_sparc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_sparc.deb</a>
Size/MD5 checksum: 19420 a4c54f7f457816b8e1f087055e959e23
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_sparc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_sparc.deb</a>
Size/MD5 checksum: 247278 7c41012b79be5869fcf03f6c71be98b0
<a href=“http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_sparc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_sparc.deb</a>
Size/MD5 checksum: 88798 5905a7ee0d9a17c564ef929655fd8cd7

补丁安装方法:

  1. 手工安装补丁包:

首先,使用下面的命令来下载补丁软件:

wget url (url是补丁下载链接地址)

然后,使用下面的命令来安装补丁:

dpkg -i file.deb (file是相应的补丁名)

  1. 使用apt-get自动安装补丁包:

    首先,使用下面的命令更新内部数据库:

    apt-get update

    然后,使用下面的命令安装更新软件包:

    apt-get upgrade

Related

openvas 38
nessus 19
fedora 4
osv 1
gentoo 2
seebug 1
securityvulns 5
slackware 1
debian 1
prion 1
debiancve 1
ubuntu 3
ubuntucve 1
cve 1
freebsd 1
openvas
openvas
Fedora Update for glib2 FEDORA-2008-6025
2009-02-17 00:00:00
Ubuntu: Security Advisory (USN-624-1)
2009-03-23 00:00:00
Mandriva Update for pcre MDVSA-2008:147 (pcre)
2009-04-09 00:00:00
nessus
nessus
openSUSE Security Update : pcre (pcre-54)
2009-07-21 00:00:00
Fedora 8 : glib2-2.14.6-2.fc8 (2008-6025)
2008-07-08 00:00:00
Slackware 12.0 / 12.1 / current : pcre (SSA:2008-210-09)
2008-07-29 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: glib2-2.16.4-1.fc9
2008-07-03 03:16:40
[SECURITY] Fedora 8 Update: glib2-2.14.6-2.fc8
2008-07-03 03:14:39
[SECURITY] Fedora 9 Update: pcre-7.3-4.fc9
2008-07-06 06:11:43
osv
osv
pcre3 - arbitrary code execution
2008-07-05 00:00:00
gentoo
gentoo
PCRE: Buffer overflow
2008-07-07 00:00:00
PHP: Multiple vulnerabilities
2008-11-16 00:00:00
seebug
seebug
PCRE 规则表达式堆缓冲区溢出漏洞
2008-07-08 00:00:00
securityvulns
securityvulns
PCRE library buffer overflow
2008-07-07 00:00:00
PCRE buffer overflow
2008-07-18 00:00:00
[SECURITY] [DSA 1602-1] New pcre3 packages fix arbitrary code execution
2008-07-07 00:00:00
slackware
slackware
[slackware-security] pcre
2008-07-29 05:34:14
debian
debian
[SECURITY] [DSA 1602-1] New pcre3 packages fix arbitrary code execution
2008-07-05 12:37:12
prion
prion
Heap overflow
2008-07-07 23:41:00
debiancve
debiancve
CVE-2008-2371
2008-07-07 23:41:00
ubuntu
ubuntu
PCRE vulnerability
2008-07-15 00:00:00
Erlang vulnerability
2010-04-09 00:00:00
PHP vulnerabilities
2008-07-23 00:00:00
ubuntucve
ubuntucve
CVE-2008-2371
2008-07-07 00:00:00
cve
cve
CVE-2008-2371
2008-07-07 23:41:00
freebsd
freebsd
php -- multiple vulnerabilities
2008-12-04 00:00:00

0.003 Low

EPSS

Percentile

64.8%

JSON
Related for SSV:3564
openvas38nessus19fedora4osv1gentoo2seebug1securityvulns5slackware1debian1prion1debiancve1ubuntu3ubuntucve1cve1freebsd1