CVE-2008-2371

Priority
Low
Description
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular
Expression (PCRE) library 7.7 allows context-dependent attackers to cause a
denial of service (crash) or possibly execute arbitrary code via a regular
expression that begins with an option and contains multiple branches.
References
Bugs
Notes
 jdstrand> kees did pcre3 update
 jdstrand> php5 on dapper and feisty is not vulnerable
 jdstrand> jdstrand sponsored erlang update for karmic and lucid
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needed
Patches:
Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/pcre/pcrelib/pcre_compile.c?r1=1.1.2.1.2.6.2.4&r2=1.1.2.1.2.6.2.5&view=patch
Package
Source: pcre3 (LP Ubuntu Debian)
Upstream: released (7.7)
Package
Upstream: needs-triage
Patches:
Upstream: http://github.com/erlang/otp/commit/bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3.diff
Debdiff: https://bugs.launchpad.net/ubuntu/+source/erlang/+bug/535090
More Information

Updated: 2015-07-29 20:32:45 UTC (commit 9756)