exploitDog

CVE-2015-5073

Published: 23 Jun 2015
Source: redhat
CVSS2: 4.3

Description

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Directory Server 8 | pcre | Not affected | | |
| Red Hat Enterprise Linux 5 | pcre | Not affected | | |
| Red Hat Enterprise Linux 6 | glib2 | Will not fix | | |
| Red Hat Enterprise Linux 6 | pcre | Not affected | | |
| Red Hat Enterprise Linux 7 | glib2 | Will not fix | | |
| Red Hat Enterprise Linux 7 | virtuoso-opensource | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | httpd | Not affected | | |
| Red Hat JBoss Enterprise Web Server 2 | httpd | Not affected | | |
| Red Hat JBoss Enterprise Web Server 3 | pcre | Will not fix | | |
| Red Hat Software Collections | php54-php | Will not fix | | |


Additional information

Status: Moderate
Defect: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1237223 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 9.1
ubuntu
more than 8 years ago

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

CVSS3: 9.1
nvd
more than 8 years ago

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

CVSS3: 9.1
debian
more than 8 years ago

Heap-based buffer overflow in the find_fixedlength function in pcre_co ...

CVSS3: 9.1
github
about 3 years ago

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

oracle-oval
about 9 years ago

ELSA-2016-1025: pcre security update (IMPORTANT)
