Executive Summary
Summary | |
---|---|
Title | PCRE: Buffer overflow |
Information | |||
---|---|---|---|
Name | GLSA-200803-24 | First vendor Publication | 2008-03-17 |
Vendor | Gentoo | Last vendor Modification | 2008-03-17 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Synopsis | A buffer overflow vulnerability has been discovered in PCRE, allowing for the execution of arbitrary code and Denial of Service. |
Background | |
Description | |
Impact | |
Workaround | |
Resolution | All GLib users should upgrade to the latest version: |
References | |
Availability | http://security.gentoo.org/glsa/glsa-200803-24.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200803-24.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16801 | |||
Oval ID: | oval:org.mitre.oval:def:16801 | ||
Title: | USN-581-1 -- pcre3 vulnerability | ||
Description: | It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-581-1 CVE-2008-0674 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | pcre3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18757 | |||
Oval ID: | oval:org.mitre.oval:def:18757 | ||
Title: | DSA-1499-1 pcre3 - arbitrary code execution | ||
Description: | It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1499-1 CVE-2008-0674 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | pcre3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7886 | |||
Oval ID: | oval:org.mitre.oval:def:7886 | ||
Title: | DSA-1499 pcre3 -- buffer overflow | ||
Description: | It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1499 CVE-2008-0674 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | pcre3 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.6 File : nvt/nopsec_php_5_2_6.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2010-05-12 | Name : Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003 File : nvt/macosx_upd_10_5_8_secupd_2009-003.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-04-09 | Name : Mandriva Update for pcre MDVSA-2008:053 (pcre) File : nvt/gb_mandriva_MDVSA_2008_053.nasl |
2009-03-23 | Name : Ubuntu Update for pcre3 vulnerability USN-581-1 File : nvt/gb_ubuntu_USN_581_1.nasl |
2009-02-17 | Name : Fedora Update for pcre FEDORA-2008-6111 File : nvt/gb_fedora_2008_6111_pcre_fc8.nasl |
2009-02-16 | Name : Fedora Update for glib2 FEDORA-2008-1533 File : nvt/gb_fedora_2008_1533_glib2_fc8.nasl |
2009-02-16 | Name : Fedora Update for pcre FEDORA-2008-1783 File : nvt/gb_fedora_2008_1783_pcre_fc8.nasl |
2009-02-16 | Name : Fedora Update for pcre FEDORA-2008-1842 File : nvt/gb_fedora_2008_1842_pcre_fc7.nasl |
2008-11-19 | Name : Gentoo Security Advisory GLSA 200811-05 (php) File : nvt/glsa_200811_05.nasl |
2008-10-07 | Name : Multiple Vulnerabilities in PHP August-08 File : nvt/gb_php_mult_vuln_aug08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-24 (libpcre glib) File : nvt/glsa_200803_24.nasl |
2008-09-04 | Name : FreeBSD Ports: pcre File : nvt/freebsd_pcre1.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1499-1 (pcre3) File : nvt/deb_1499_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41989 | Perl-Compatible Regular Expression (PCRE) Character Class Handling Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-08-05 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_8.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-053.nasl - Type : ACT_GATHER_INFO |
2008-11-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200811-05.nasl - Type : ACT_GATHER_INFO |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6111.nasl - Type : ACT_GATHER_INFO |
2008-05-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_6.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-24.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1842.nasl - Type : ACT_GATHER_INFO |
2008-03-04 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f9e96930e6df11dc8c6a00304881ac9a.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1499.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-581-1.nasl - Type : ACT_GATHER_INFO |
2008-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1783.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1533.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:35:40 |