CVE-2008-2371
Published: 7 July 2008
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
Notes
Author | Note |
---|---|
jdstrand | kees did pcre3 update; php5 on dapper and feisty is not vulnerable; jdstrand sponsored erlang update for karmic and lucid |
Priority
Status
Package | Release | Status |
---|---|---|
pcre3 (Launchpad, Ubuntu, Debian) | upstream | Released (7.7) |
pcre3 | dapper | Released (7.4-0ubuntu0.6.06.3) |
pcre3 | feisty | Released (7.4-0ubuntu0.7.04.3) |
pcre3 | gutsy | Released (7.4-0ubuntu0.7.10.3) |
pcre3 | hardy | Released (7.4-1ubuntu2.1) |
pcre3 | intrepid | Released (7.6-2.1ubuntu1) |
pcre3 | jaunty | Not vulnerable |
pcre3 | karmic | Not vulnerable |
php5 (Launchpad, Ubuntu, Debian) | upstream | Needed |
php5 | dapper | Not vulnerable |
php5 | feisty | Not vulnerable |
php5 | gutsy | Released (5.2.3-1ubuntu6.4) |
php5 | hardy | Released (5.2.4-2ubuntu5.3) |
php5 | intrepid | Not vulnerable (library is not built in Debian) |
php5 | jaunty | Not vulnerable |
php5 | karmic | Not vulnerable |
erlang (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
erlang | dapper | Not vulnerable (code-not-present) |
erlang | hardy | Not vulnerable (code-not-present) |
erlang | intrepid | Released (1:12.b.3-dfsg-1ubuntu1.1) |
erlang | jaunty | Released (1:12.b.5-dfsg-2ubuntu0.1) |
erlang | karmic | Released (1:13.b.1-dfsg-2ubuntu1.1) |

Patches

Package | Type | Link |
---|---|---|
php5 | other | http://cvs.php.net/viewvc.cgi/php-src/ext/pcre/pcrelib/pcre_compile.c?r1=1.1.2.1.2.6.2.4&r2=1.1.2.1.2.6.2.5&view=patch |
erlang | upstream | http://github.com/erlang/otp/commit/bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3.diff |
erlang | debdiff | https://bugs.launchpad.net/ubuntu/+source/erlang/+bug/535090 |