Описание
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
A heap buffer overflow flaw was found in the regcomp() function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp() function could cause that application to crash and possibly execute arbitrary code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | mysql | Will not fix | ||
| Red Hat Enterprise Linux 5 | mysql51-mysql | Will not fix | ||
| Red Hat Enterprise Linux 5 | mysql55-mysql | Will not fix | ||
| Red Hat Enterprise Linux 5 | php | Will not fix | ||
| Red Hat Enterprise Linux 5 | php53 | Will not fix | ||
| Red Hat Enterprise Linux 6 | mesa-private-llvm | Not affected | ||
| Red Hat Enterprise Linux 6 | mysql | Will not fix | ||
| Red Hat Enterprise Linux 6 | php | Will not fix | ||
| Red Hat Enterprise Linux 7 | mariadb | Will not fix | ||
| Red Hat Enterprise Linux 7 | mesa-private-llvm | Not affected |
Показывать по
Дополнительная информация
Статус:
5.1 Medium
CVSS2
Связанные уязвимости
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Integer overflow in the regcomp implementation in the Henry Spencer BS ...
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
5.1 Medium
CVSS2