Your submission was sent successfully! Close

CVE-2015-2305

Published: 30 March 2015

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

From the Ubuntu security team

It was discovered that regcomp implementation has a buffer overflow that affects vigor. An attacker could use this vulnerability to cause a denial of service (crash).

Priority

Medium

Status

Package Release Status
alpine
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
precise Does not exist
(precise was not-affected [code not built])
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
clamav
Launchpad, Ubuntu, Debian
artful
Released (0.98.7+dfsg-0ubuntu1)
bionic
Released (0.98.7+dfsg-0ubuntu1)
cosmic
Released (0.98.7+dfsg-0ubuntu1)
disco
Released (0.98.7+dfsg-0ubuntu1)
eoan
Released (0.98.7+dfsg-0ubuntu1)
focal
Released (0.98.7+dfsg-0ubuntu1)
groovy
Released (0.98.7+dfsg-0ubuntu1)
hirsute
Released (0.98.7+dfsg-0ubuntu1)
impish
Released (0.98.7+dfsg-0ubuntu1)
jammy
Released (0.98.7+dfsg-0ubuntu1)
lucid Ignored
(reached end-of-life)
precise
Released (0.98.7+dfsg-0ubuntu0.12.04.1)
trusty
Released (0.98.7+dfsg-0ubuntu0.14.04.1)
upstream
Released (0.98.7)
utopic
Released (0.98.7+dfsg-0ubuntu0.14.10.1)
vivid
Released (0.98.7+dfsg-0ubuntu0.15.04.1)
wily
Released (0.98.7+dfsg-0ubuntu1)
xenial
Released (0.98.7+dfsg-0ubuntu1)
yakkety
Released (0.98.7+dfsg-0ubuntu1)
zesty
Released (0.98.7+dfsg-0ubuntu1)
cups
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
precise Does not exist
(precise was not-affected [code not built])
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
efl
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
lucid Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
haskell-regex-posix
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
precise Does not exist
(precise was not-affected [code not built])
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
knews
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
precise Does not exist
(precise was not-affected [code not built])
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
librcsb-core-wrapper
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.005-3)
bionic Not vulnerable
(1.005-3)
cosmic Not vulnerable
(1.005-3)
disco Not vulnerable
(1.005-3)
eoan Not vulnerable
(1.005-3)
focal Not vulnerable
(1.005-3)
groovy Not vulnerable
(1.005-3)
hirsute Not vulnerable
(1.005-3)
impish Not vulnerable
(1.005-3)
jammy Not vulnerable
(1.005-3)
lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1.005-3)
utopic Ignored
(reached end-of-life)
vivid Not vulnerable
(1.005-3)
wily Not vulnerable
(1.005-3)
xenial Not vulnerable
(1.005-3)
yakkety Not vulnerable
(1.005-3)
zesty Not vulnerable
(1.005-3)
llvm-toolchain-3.4
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Does not exist

precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was needed)
upstream Needed

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

llvm-toolchain-3.5
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Not vulnerable
(1:3.5.2-2)
xenial Not vulnerable
(1:3.5.2-2)
yakkety Not vulnerable
(1:3.5.2-2)
zesty Does not exist

llvm-toolchain-3.6
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Does not exist

precise Does not exist

trusty Not vulnerable
(1:3.6-2ubuntu1~trusty2)
upstream
Released (1:3.6-1)
utopic Does not exist

vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(1:3.6.2-3ubuntu2)
yakkety Ignored
(reached end-of-life)
zesty Does not exist

llvm-toolchain-snapshot
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1:3.8~svn245286-1)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

newlib
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(2.1.0-3)
cosmic Not vulnerable
(2.1.0-3)
disco Not vulnerable
(2.1.0-3)
eoan Not vulnerable
(2.1.0-3)
focal Not vulnerable
(2.1.0-3)
groovy Not vulnerable
(2.1.0-3)
hirsute Not vulnerable
(2.1.0-3)
impish Not vulnerable
(2.1.0-3)
jammy Not vulnerable
(2.1.0-3)
lucid Ignored
(reached end-of-life)
precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was not-affected [2.1.0-3])
upstream
Released (2.0.0-1)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(2.1.0-3)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
nvi
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(1.81.6-13)
cosmic Not vulnerable
(1.81.6-13)
disco Not vulnerable
(1.81.6-13)
eoan Not vulnerable
(1.81.6-13)
focal Not vulnerable
(1.81.6-13)
groovy Not vulnerable
(1.81.6-13)
hirsute Not vulnerable
(1.81.6-13)
impish Not vulnerable
(1.81.6-13)
jammy Not vulnerable
(1.81.6-13)
lucid Ignored
(reached end-of-life)
precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was needed)
upstream
Released (1.81.6-13)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(end of standard support, was needed)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
olsrd
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Not vulnerable
(code not built)
precise Does not exist
(precise was not-affected [code not built])
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
openrpt
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needed

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was needed)
upstream Needed

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(end of standard support, was needed)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
php5
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid
Released (5.3.2-1ubuntu4.30)
precise
Released (5.3.10-1ubuntu3.18)
trusty
Released (5.5.9+dfsg-1ubuntu4.9)
upstream
Released (5.6.6+dfsg-1)
utopic
Released (5.5.12+dfsg-2ubuntu4.4)
vivid
Released (5.6.4+dfsg-4ubuntu4)
wily
Released (5.6.4+dfsg-4ubuntu4)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

ptlib
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Not vulnerable
(code not built)
precise Does not exist
(precise was not-affected [code not built])
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
radare2
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(2.3.0+dfsg-2)
cosmic Not vulnerable
(2.3.0+dfsg-2)
disco Not vulnerable
(2.3.0+dfsg-2)
eoan Not vulnerable
(2.3.0+dfsg-2)
focal Not vulnerable
(2.3.0+dfsg-2)
groovy Not vulnerable
(2.3.0+dfsg-2)
hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Does not exist

precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was needed)
upstream
Released (1.1.0+dfsg-5)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(end of standard support, was needed)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
sma
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
precise Does not exist
(precise was not-affected [code not built])
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
vigor
Launchpad, Ubuntu, Debian
artful Not vulnerable
(0.016-24)
bionic Not vulnerable
(0.016-24)
cosmic Not vulnerable
(0.016-24)
disco Not vulnerable
(0.016-24)
eoan Not vulnerable
(0.016-24)
focal Not vulnerable
(0.016-24)
groovy Not vulnerable
(0.016-24)
hirsute Not vulnerable
(0.016-24)
impish Not vulnerable
(0.016-24)
jammy Not vulnerable
(0.016-24)
lucid Ignored
(reached end-of-life)
precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was released [0.016-24build0.14.04.1])
upstream
Released (0.016-24)
utopic Ignored
(reached end-of-life)
vivid Not vulnerable
(0.016-24)
wily Not vulnerable
(0.016-24)
xenial Not vulnerable
(0.016-24)
yakkety Not vulnerable
(0.016-24)
zesty Not vulnerable
(0.016-24)
vnc4
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Not vulnerable
(code not built)
precise Does not exist
(precise was not-affected [code not built])
trusty Not vulnerable
(code not built)
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
yap
Launchpad, Ubuntu, Debian
artful Not vulnerable
(6.2.2-3)
bionic Not vulnerable
(6.2.2-3)
cosmic Not vulnerable
(6.2.2-3)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Ignored
(reached end-of-life)
precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was needed)
upstream
Released (6.2.2-3)
utopic Ignored
(reached end-of-life)
vivid Not vulnerable
(6.2.2-3)
wily Not vulnerable
(6.2.2-3)
xenial Not vulnerable
(6.2.2-3)
yakkety Not vulnerable
(6.2.2-3)
zesty Not vulnerable
(6.2.2-3)
z88dk
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Not vulnerable
(code not built)
precise Does not exist
(precise was not-affected [code not built])
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)