CVE		CVE-2008-2371
Status		Candidate
Description		Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
Phase		Assigned (21.05.2008)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2371
References		APPLE : APPLE-SA-2008-10-09
		APPLE : APPLE-SA-2009-05-12
		BID : 30087
		BID : 31681
		BUGTRAQ : 20081027 rPSA-2008-0305-1 pcre
		CERT : TA09-133A
		CONFIRM : http://bugs.gentoo.org/show_bug.cgi?id=228091
		CONFIRM : http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/g...
		CONFIRM : http://support.apple.com/kb/HT3216
		CONFIRM : http://support.apple.com/kb/HT3549
		CONFIRM : http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305
		DEBIAN : DSA-1602
		FEDORA : FEDORA-2008-6025
		FEDORA : FEDORA-2008-6048
		GENTOO : GLSA-200807-03
		HP : HPSBUX02431
		HP : HPSBUX02465
		HP : SSRT090085
		HP : SSRT090192
		MANDRIVA : MDVSA-2008:147
		MANDRIVA : MDVSA-2009:023
		SECUNIA : 30916
		SECUNIA : 30944
		SECUNIA : 30945
		SECUNIA : 30958
		SECUNIA : 30961
		SECUNIA : 30967
		SECUNIA : 30972
		SECUNIA : 30990
		SECUNIA : 31200
		SECUNIA : 32222
		SECUNIA : 32454
		SECUNIA : 35074
		SECUNIA : 35650
		SECUNIA : 39300
		SUSE : SUSE-SR:2008:014
		UBUNTU : USN-624-1
		UBUNTU : USN-624-2
		UBUNTU : USN-628-1
		VUPEN : ADV-2008-2005
		VUPEN : ADV-2008-2006
		VUPEN : ADV-2008-2336
		VUPEN : ADV-2008-2780
		VUPEN : ADV-2009-1297
		VUPEN : ADV-2010-0833
SecurityVulns:		PCRE library buffer overflow
		PCRE buffer overflow