Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8964

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-8964
Last Modified 03 Jun 2015 10:01:08
Published 16 Dec 2014 01:59:10
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8964

Summary

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

Vulnerable Systems

Application

  • Pcre Perl Compatible Regular Expression Library 8.36

  • Pcre Perl-compatible Regular Expression Library 8.36


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1166147

MLIST - [oss-security] 20141121 Re: CVE request: heap buffer overflow in PCRE

CONFIRM - http://www.exim.org/viewvc/pcre?view=revision&revision=1513

FEDORA - FEDORA-2014-15573

CONFIRM - http://bugs.exim.org/show_bug.cgi?id=1546

REDHAT - RHSA-2015:0330

MANDRIVA - MDVSA-2015:002

CONFIRM - http://advisories.mageia.org/MGASA-2014-0534.html

MANDRIVA - MDVSA-2015:137

FEDORA - FEDORA-2014-17626

FEDORA - FEDORA-2014-17642

FEDORA - FEDORA-2014-17624

SUSE - openSUSE-SU-2015:0858


Last Updated: 27 May 2016 11:08:32