CVE-2008-2371

Priority: Low
Description
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular
Expression (PCRE) library 7.7 allows context-dependent attackers to cause a
denial of service (crash) or possibly execute arbitrary code via a regular
expression that begins with an option and contains multiple branches.
Notes
jdstrand> kees did pcre3 update
jdstrand> php5 on dapper and feisty is not vulnerable
jdstrand> jdstrand sponsored erlang update for karmic and lucid
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needed
Ubuntu 8.04 LTS (Hardy Heron): released (5.2.4-2ubuntu5.3)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected
Patches:
Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/pcre/pcrelib/pcre_compile.c?r1=1.1.2.1.2.6.2.4&r2=1.1.2.1.2.6.2.5&view=patch
Package
Source: pcre3 (LP Ubuntu Debian)
Upstream: released (7.7)
Ubuntu 8.04 LTS (Hardy Heron): released (7.4-1ubuntu2.1)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): not-affected (code-not-present)
Ubuntu 10.04 LTS (Lucid Lynx): released (1:13.b.3-dfsg-2ubuntu2)
Patches:
Upstream: http://github.com/erlang/otp/commit/bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3.diff
Debdiff: https://bugs.launchpad.net/ubuntu/+source/erlang/+bug/535090
Updated: 2012-06-01 15:18:50 UTC (commit 5347)