CVE-2008-2371

CVSS V2 High 7.5 CVSS V3 None
Description
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
Overview
  • CVE ID
  • CVE-2008-2371
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2008-07-07T23:41:00
  • Last Modified Date
  • 2022-08-01T15:54:58
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:pcre:pcre:7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* 1 OR 5.2.0 5.2.7
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://bugs.gentoo.org/show_bug.cgi?id=228091 Exploit
http://www.debian.org/security/2008/dsa-1602
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://secunia.com/advisories/30916 Vendor Advisory
http://secunia.com/advisories/30944 Vendor Advisory
http://secunia.com/advisories/30958 Vendor Advisory
http://secunia.com/advisories/30961 Vendor Advisory
http://www.ubuntu.com/usn/usn-624-1
http://secunia.com/advisories/30967
http://www.mandriva.com/security/advisories?name=MDVSA-2008:147
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html
http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml
http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes
http://secunia.com/advisories/31200
http://www.ubuntu.com/usn/usn-628-1
http://secunia.com/advisories/30972
http://www.securityfocus.com/bid/30087
http://secunia.com/advisories/30990
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html
http://secunia.com/advisories/30945
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://www.securityfocus.com/bid/31681
http://secunia.com/advisories/32222
http://support.apple.com/kb/HT3216
http://secunia.com/advisories/32454
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.vupen.com/english/advisories/2008/2336
http://support.apple.com/kb/HT3549
http://www.vupen.com/english/advisories/2009/1297
http://www.us-cert.gov/cas/techalerts/TA09-133A.html US Government Resource
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://secunia.com/advisories/35650
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://ubuntu.com/usn/usn-624-2
http://www.vupen.com/english/advisories/2010/0833
http://secunia.com/advisories/39300
http://www.vupen.com/english/advisories/2008/2005
http://www.vupen.com/english/advisories/2008/2006
http://www.vupen.com/english/advisories/2008/2780
http://secunia.com/advisories/32746
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://www.securityfocus.com/archive/1/497828/100/0/threaded
History
Created Old Value New Value Data Type Notes
2022-05-10 18:28:50 Added to TrackCVE