Описание
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| php5 | fixed | 5.6.6+dfsg-1 | package | |
| olsrd | not-affected | package | ||
| llvm-toolchain-3.4 | removed | package | ||
| llvm-toolchain-3.4 | no-dsa | jessie | package | |
| llvm-toolchain-3.5 | fixed | 1:3.5.2-2 | package | |
| llvm-toolchain-3.5 | no-dsa | jessie | package | |
| llvm-toolchain-3.6 | fixed | 1:3.6-1 | package | |
| llvm-toolchain-3.7 | fixed | 1:3.7~+rc3-1 | package | |
| llvm-toolchain-snapshot | fixed | 1:3.8~svn245286-1 | package | |
| haskell-regex-posix | not-affected | package | ||
| cups | not-affected | package | ||
| librcsb-core-wrapper | fixed | 1.005-3 | package | |
| openrpt | removed | package | ||
| z88dk | not-affected | package | ||
| newlib | fixed | 2.0.0-1 | package | |
| newlib | no-dsa | squeeze | package | |
| newlib | no-dsa | wheezy | package | |
| yap | fixed | 6.2.2-3 | package | |
| yap | no-dsa | jessie | package | |
| yap | no-dsa | squeeze | package | |
| yap | no-dsa | wheezy | package | |
| vnc4 | fixed | 4.1.1+X4.3.0+t-1 | package | |
| sma | not-affected | package | ||
| clamav | fixed | 0.98.7+dfsg-1 | package | |
| clamav | fixed | 0.98.7+dfsg-0+deb8u1 | jessie | package |
| clamav | fixed | 0.98.7+dfsg-0+deb7u1 | wheezy | package |
| clamav | fixed | 0.98.7+dfsg-0+deb6u1 | squeeze | package |
| knews | not-affected | package | ||
| radare2 | fixed | 0.10.5+dfsg-1 | package | |
| radare2 | no-dsa | jessie | package | |
| radare2 | no-dsa | wheezy | package | |
| efl | not-affected | package | ||
| ptlib | unfixed | package | ||
| alpine | not-affected | package | ||
| vigor | fixed | 0.016-24 | package | |
| vigor | fixed | 0.016-19+deb7u1 | wheezy | package |
| nvi | fixed | 1.81.6-13 | package |
Примечания
affected code not built in vnc4, starting with 4.1.1+X4.3.0+t-1 it's a transitional package
Only exploitable through virusdb updates, which need to be trusted anywaya
ptlib uses the regex code from glibc, local fallback code not used
No security impact in nvi/vigor and openrpt
http://www.kb.cert.org/vuls/id/695940
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
https://www.openwall.com/lists/oss-security/2015/02/16/8
EPSS
Связанные уязвимости
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
EPSS