Computer Security


CVE: CVE-2015-2305
Status: Candidate
Description: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Severity: Medium
CVSS score: 6,8
CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Phase: Assigned (09.10.2015)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2305
References:
 SECTRACK : 1031947
 DEBIAN : DSA-3195
 CONFIRM : http://blog.clamav.net/2015/04/clamav-0987-has-bee...
 CONFIRM : http://php.net/ChangeLog-5.php
 MISC : https://guidovranken.wordpress.com/2015/02/04/full...
 SUSE : openSUSE-SU-2015:0644
 SUSE : SUSE-SU-2015:0946
 UBUNTU : USN-2594-1
 CERT-VN : VU#695940
 MLIST : [oss-security] 20150207 Spencer regexp heap overflow?
 MLIST : [oss-security] 20150311 Re: CVE request: spencer regexp
SecurityVulns:
 ClamAV multiple security vulnerabilities
 PHP multiple security vulnerabilities
 Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod