CVE - CVE-2005-2491

CVE-ID
CVE-2005-2491	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1014744 URL:http://securitytracker.com/id?1014744 MISC:102198 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1~~ (Obsolete source) MISC:14620 URL:http://www.securityfocus.com/bid/14620 MISC:15647 URL:http://www.securityfocus.com/bid/15647 MISC:16502 URL:http://secunia.com/advisories/16502 MISC:16679 URL:http://secunia.com/advisories/16679 MISC:17252 URL:http://secunia.com/advisories/17252 MISC:17813 URL:http://secunia.com/advisories/17813 MISC:19072 URL:http://secunia.com/advisories/19072 MISC:19193 URL:http://secunia.com/advisories/19193 MISC:19532 URL:http://secunia.com/advisories/19532 MISC:20060401-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U MISC:21522 URL:http://secunia.com/advisories/21522 MISC:22691 URL:http://secunia.com/advisories/22691 MISC:22875 URL:http://secunia.com/advisories/22875 MISC:604 URL:http://securityreason.com/securityalert/604 MISC:ADV-2005-1511 URL:~~http://www.vupen.com/english/advisories/2005/1511~~ (Obsolete source) MISC:ADV-2005-2659 URL:~~http://www.vupen.com/english/advisories/2005/2659~~ (Obsolete source) MISC:ADV-2006-0789 URL:~~http://www.vupen.com/english/advisories/2006/0789~~ (Obsolete source) MISC:ADV-2006-4320 URL:~~http://www.vupen.com/english/advisories/2006/4320~~ (Obsolete source) MISC:ADV-2006-4502 URL:~~http://www.vupen.com/english/advisories/2006/4502~~ (Obsolete source) MISC:APPLE-SA-2005-11-29 URL:http://docs.info.apple.com/article.html?artnum=302847 MISC:DSA-800 URL:http://www.debian.org/security/2005/dsa-800 MISC:DSA-817 URL:http://www.debian.org/security/2005/dsa-817 MISC:DSA-819 URL:http://www.debian.org/security/2005/dsa-819 MISC:DSA-821 URL:http://www.debian.org/security/2005/dsa-821 MISC:FLSA:168516 URL:http://www.securityfocus.com/archive/1/427046/100/0/threaded MISC:GLSA-200508-17 URL:http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml MISC:GLSA-200509-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml MISC:GLSA-200509-08 URL:http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml MISC:GLSA-200509-12 URL:http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml MISC:GLSA-200509-19 URL:http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml MISC:HPSBMA02159 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 MISC:HPSBOV02683 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MISC:HPSBUX02074 URL:http://www.securityfocus.com/archive/1/428138/100/0/threaded MISC:OpenPKG-SA-2005.018 URL:http://marc.info/?l=bugtraq&m=112606064317223&w=2 MISC:RHSA-2005:358 URL:http://www.redhat.com/support/errata/RHSA-2005-358.html MISC:RHSA-2005:761 URL:http://www.redhat.com/support/errata/RHSA-2005-761.html MISC:RHSA-2006:0197 URL:http://www.redhat.com/support/errata/RHSA-2006-0197.html MISC:SCOSA-2006.10 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt MISC:SSRT051251 URL:http://www.securityfocus.com/archive/1/428138/100/0/threaded MISC:SSRT061238 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 MISC:SSRT090208 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MISC:SUSE-SA:2005:048 URL:http://www.novell.com/linux/security/advisories/2005_48_pcre.html MISC:SUSE-SA:2005:049 URL:http://www.novell.com/linux/security/advisories/2005_49_php.html MISC:SUSE-SA:2005:051 URL:http://marc.info/?l=bugtraq&m=112605112027335&w=2 MISC:SUSE-SA:2005:052 URL:http://www.novell.com/linux/security/advisories/2005_52_apache2.html MISC:TSLSA-2005-0059 URL:~~http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html~~ (Obsolete source - check if archived by the Wayback Machine) MISC:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/ URL:https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E MISC:http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf URL:http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf MISC:http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf URL:http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm MISC:http://www.ethereal.com/appnotes/enpa-sa-00021.html URL:http://www.ethereal.com/appnotes/enpa-sa-00021.html MISC:http://www.php.net/release_4_4_1.php URL:http://www.php.net/release_4_4_1.php MISC:oval:org.mitre.oval:def:11516 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516 MISC:oval:org.mitre.oval:def:1496 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496 MISC:oval:org.mitre.oval:def:1659 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659 MISC:oval:org.mitre.oval:def:735 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735
Assigning CNA
Red Hat, Inc.
Date Record Created
20050808	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050808)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)