Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-2305

Опубликовано: 30 мар. 2015
Источник: nvd
CVSS2: 6.8
EPSS Средний

Описание

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:rxspencer_project:rxspencer:3.8.g5:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.4.0 (включая) до 5.4.39 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.5.0 (включая) до 5.5.23 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.6.0 (включая) до 5.6.7 (исключая)

EPSS

Процентиль: 97%
0.37262
Средний

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2015-2305

ubuntu
больше 10 лет назад

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

redhat логотип

CVE-2015-2305

redhat
больше 10 лет назад

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

debian логотип

CVE-2015-2305

debian
больше 10 лет назад

Integer overflow in the regcomp implementation in the Henry Spencer BS ...

github логотип

GHSA-qcm7-3c5w-vhg7

github
около 3 лет назад

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

suse-cvrf логотип

SUSE-SU-2015:0882-2

suse-cvrf
около 10 лет назад

Security update for clamav

EPSS

Процентиль: 97%
0.37262
Средний

6.8 Medium

CVSS2

Дефекты

CWE-190