CVE		CVE-2005-2491
Status		Candidate
Description		Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Severity		High
CVSS score		7,5
CVSS vector		(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Phase		Assigned (06.09.2011)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2491
References		APPLE : APPLE-SA-2005-11-29
		BID : 14620
		BID : 15647
		CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
		CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
		CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
		CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
		CONFIRM : http://www.ethereal.com/appnotes/enpa-sa-00021.html
		CONFIRM : http://www.php.net/release_4_4_1.php
		DEBIAN : DSA-800
		DEBIAN : DSA-817
		DEBIAN : DSA-819
		DEBIAN : DSA-821
		FEDORA : FLSA:168516
		FRSIRT : ADV-2005-1511
		FRSIRT : ADV-2005-2659
		FRSIRT : ADV-2006-0789
		FRSIRT : ADV-2006-4320
		FRSIRT : ADV-2006-4502
		GENTOO : GLSA-200509-02
		GENTOO : GLSA-200509-08
		GENTOO : GLSA-200509-12
		GENTOO : GLSA-200509-19
		HP : HPSBMA02159
		HP : HPSBUX02074
		HP : SSRT051251
		HP : SSRT061238
		OPENPKG : OpenPKG-SA-2005.018
		OVAL : oval:org.mitre.oval:def:1496
		OVAL : oval:org.mitre.oval:def:1659
		OVAL : oval:org.mitre.oval:def:735
		REDHAT : RHSA-2005:358
		REDHAT : RHSA-2005:761
		REDHAT : RHSA-2006:0197
		SCO : SCOSA-2006.10
		SECTRACK : 1014744
		SECUNIA : 16502
		SECUNIA : 16679
		SECUNIA : 17252
		SECUNIA : 17813
		SECUNIA : 19072
		SECUNIA : 19193
		SECUNIA : 19532
		SECUNIA : 21522
		SECUNIA : 22691
		SECUNIA : 22875
		SGI : 20060401-01-U
		SUNALERT : 102198
		SUSE : SUSE-SA:2005:048
		SUSE : SUSE-SA:2005:049
		SUSE : SUSE-SA:2005:051
		SUSE : SUSE-SA:2005:052
		TRUSTIX : TSLSA-2005-0059