PT-2005-3395 · Python+5
Published: 2005-08-01 · Updated: 2024-02-14 · CVE-2005-2491
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PCRE versions prior to 6.2
Apache HTTP Server (affected versions not specified)
Description
The issue is an integer overflow in the pcre_compile.c file of the Perl Compatible Regular Expressions (PCRE) library, triggered by quantifier values in regular expressions. The overflow leads to a heap-based buffer overflow, which can be exploited to execute arbitrary code. The PCRE library is used in multiple products, including Python, Ethereal, and PHP.
Recommendations
For PCRE versions prior to 6.2, update to version 6.2 or later to resolve the issue.
For Apache HTTP Server, no information is currently available about a newer version that contains a fix for this vulnerability.
Affected Products
Apache HTTP Server
Ethereal
PCRE
PHP
Python
Red Hat