PT-2015-5704 · NetBSD+3 · Henry Spencer BSD Regex Library+4

Guido Vranken · Published 2015-03-18 · Updated 2024-06-15 · CVE-2015-2305

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NetBSD versions prior to 6.1.5

Description

An integer overflow in the regcomp implementation in the Henry Spencer BSD regex library can lead to a heap-based buffer overflow. This might allow attackers to execute arbitrary code via a large regular expression.

Recommendations

For NetBSD versions prior to 6.1.5, update to version 6.1.5 or later to resolve the issue.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2015-2305
DLA-233-1
DLA-444-1
DSA-3195-1
HPSBUX03337
MGASA-2015-0134
MGASA-2015-0190
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:10571-1
RHSA-2015:1053
RHSA-2015:1066
SUSE-SU-2015:0298-1
SUSE-SU-2015:0370-1
SUSE-SU-2015:0436-1
SUSE-SU-2015:0620-1
SUSE-SU-2015:0868-1
SUSE-SU-2015:0871-1
SUSE-SU-2015:0882-1
SUSE-SU-2015:0882-2
SUSE-SU-2015:0946-1
SUSE-SU-2015:1018-1
SUSE-SU-2015:1177-1
SUSE-SU-2015:1265-1
SUSE-SU-2016:1638-1
USN-2572-1
USN-2594-1

Affected Products

Henry Spencer BSD Regex Library
HP-UX
NetBSD
SUSE
Ubuntu