Home > Vulnerability Database > CVE-2005-2491

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2005-2491

Date: August 21, 2005

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Severity Score

7.3

Related Resources (70)

Url: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Url: http://www.vupen.com/english/advisories/2006/4320

Url: http://www.debian.org/security/2005/dsa-821

Url: http://marc.info/?l=bugtraq&m=130497311408250&w=2

Url: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Url: http://secunia.com/advisories/16502

Url: http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml

Url: http://secunia.com/advisories/19532

Url: http://www.vupen.com/english/advisories/2005/2659

Url: https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

Url: http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-2491

Url: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Url: ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

Url: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Url: http://www.novell.com/linux/security/advisories/2005_48_pcre.html

Url: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Url: http://www.novell.com/linux/security/advisories/2005_52_apache2.html

Url: http://marc.info/?l=bugtraq&m=112606064317223&w=2

Url: http://secunia.com/advisories/16679

Url: http://www.debian.org/security/2005/dsa-817

Url: http://www.debian.org/security/2005/dsa-819

Url: http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml

Url: https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E

Url: http://www.php.net/release_4_4_1.php

Url: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Url: http://secunia.com/advisories/17252

Url: http://secunia.com/advisories/22875

Url: http://www.vupen.com/english/advisories/2006/0789

Url: http://www.securityfocus.com/archive/1/428138/100/0/threaded

Url: http://secunia.com/advisories/19072

Url: http://secunia.com/advisories/19193

Url: http://marc.info/?l=bugtraq&m=112605112027335&w=2

Url: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Url: http://www.redhat.com/support/errata/RHSA-2005-761.html

Url: http://www.vupen.com/english/advisories/2006/4502

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-2491

Url: http://www.novell.com/linux/security/advisories/2005_49_php.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735

Url: http://www.debian.org/security/2005/dsa-800

Url: http://secunia.com/advisories/17813

Url: http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml

Url: https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E

Url: http://docs.info.apple.com/article.html?artnum=302847

Url: http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt

Url: http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf

Url: http://www.securityfocus.com/bid/15647

Url: http://securityreason.com/securityalert/604

Url: http://www.redhat.com/support/errata/RHSA-2006-0197.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659

Url: http://www.ethereal.com/appnotes/enpa-sa-00021.html

Url: http://www.redhat.com/support/errata/RHSA-2005-358.html

Url: http://www.securityfocus.com/archive/1/427046/100/0/threaded

Url: http://www.vupen.com/english/advisories/2005/1511

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496

Url: http://securitytracker.com/id?1014744

Url: http://secunia.com/advisories/21522

Url: http://www.securityfocus.com/bid/14620

Url: http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf

Url: http://secunia.com/advisories/22691

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm

Url: http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

Url: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516

Url: https://www.mend.io/vulnerability-database/CVE-2005-2491

Severity Score

7.3

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us