Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2005-4872
Last Modified 21 Aug 2010 12:37:14
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4872

Summary

Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Vulnerable Systems

Application

  • Pcre 6.1


References

BID - 26462

REDHAT - RHSA-2007:1052

CONFIRM - http://www.pcre.org/changelog.txt

SUSE - SUSE-SA:2007:062

MANDRIVA - MDVSA-2008:030

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm

SECUNIA - 28658

SECUNIA - 27869

SECUNIA - 27773

SECUNIA - 27582

MISC - http://scary.beasts.org/security/CESA-2007-006.html

SUSE - SUSE-SA:2008:004


Last Updated: 27 May 2016 10:41:28