CVE - CVE-2008-2371

CVE-ID
CVE-2008-2371	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20081027 rPSA-2008-0305-1 pcre URL:http://www.securityfocus.com/archive/1/497828/100/0/threaded MISC:30087 URL:http://www.securityfocus.com/bid/30087 MISC:30916 URL:http://secunia.com/advisories/30916 MISC:30944 URL:http://secunia.com/advisories/30944 MISC:30945 URL:http://secunia.com/advisories/30945 MISC:30958 URL:http://secunia.com/advisories/30958 MISC:30961 URL:http://secunia.com/advisories/30961 MISC:30967 URL:http://secunia.com/advisories/30967 MISC:30972 URL:http://secunia.com/advisories/30972 MISC:30990 URL:http://secunia.com/advisories/30990 MISC:31200 URL:http://secunia.com/advisories/31200 MISC:31681 URL:http://www.securityfocus.com/bid/31681 MISC:32222 URL:http://secunia.com/advisories/32222 MISC:32454 URL:http://secunia.com/advisories/32454 MISC:32746 URL:http://secunia.com/advisories/32746 MISC:35074 URL:http://secunia.com/advisories/35074 MISC:35650 URL:http://secunia.com/advisories/35650 MISC:39300 URL:http://secunia.com/advisories/39300 MISC:ADV-2008-2005 URL:~~http://www.vupen.com/english/advisories/2008/2005~~ (Obsolete source) MISC:ADV-2008-2006 URL:~~http://www.vupen.com/english/advisories/2008/2006~~ (Obsolete source) MISC:ADV-2008-2336 URL:~~http://www.vupen.com/english/advisories/2008/2336~~ (Obsolete source) MISC:ADV-2008-2780 URL:~~http://www.vupen.com/english/advisories/2008/2780~~ (Obsolete source) MISC:ADV-2009-1297 URL:~~http://www.vupen.com/english/advisories/2009/1297~~ (Obsolete source) MISC:ADV-2010-0833 URL:~~http://www.vupen.com/english/advisories/2010/0833~~ (Obsolete source) MISC:APPLE-SA-2008-10-09 URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html MISC:APPLE-SA-2009-05-12 URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html MISC:DSA-1602 URL:http://www.debian.org/security/2008/dsa-1602 MISC:FEDORA-2008-6025 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html MISC:FEDORA-2008-6048 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html MISC:GLSA-200807-03 URL:http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml MISC:GLSA-200811-05 URL:http://security.gentoo.org/glsa/glsa-200811-05.xml MISC:HPSBUX02431 URL:http://marc.info/?l=bugtraq&m=124654546101607&w=2 MISC:HPSBUX02465 URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2 MISC:MDVSA-2008:147 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:147~~ (Obsolete source) MISC:MDVSA-2009:023 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:023~~ (Obsolete source) MISC:SSRT090085 URL:http://marc.info/?l=bugtraq&m=124654546101607&w=2 MISC:SSRT090192 URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2 MISC:SUSE-SR:2008:014 URL:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html MISC:TA09-133A URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html MISC:USN-624-1 URL:http://www.ubuntu.com/usn/usn-624-1 MISC:USN-624-2 URL:http://ubuntu.com/usn/usn-624-2 MISC:USN-628-1 URL:http://www.ubuntu.com/usn/usn-628-1 MISC:http://bugs.gentoo.org/show_bug.cgi?id=228091 URL:http://bugs.gentoo.org/show_bug.cgi?id=228091 MISC:http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes URL:http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes MISC:http://support.apple.com/kb/HT3216 URL:http://support.apple.com/kb/HT3216 MISC:http://support.apple.com/kb/HT3549 URL:http://support.apple.com/kb/HT3549 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305
Assigning CNA
Red Hat, Inc.
Date Record Created
20080521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)