PT-2015-5704 · NetBSD+3 · Henry Spencer BSD Regex Library+4

Guido Vranken · Published 2015-03-18 · Updated 2024-06-15 · CVE-2015-2305

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NetBSD versions prior to 6.1.5

Description

The issue is related to an integer overflow in the regcomp implementation in the Henry Spencer BSD regex library, which can lead to a heap-based buffer overflow. This might allow attackers to execute arbitrary code via a large regular expression.

Recommendations

For NetBSD versions prior to 6.1.5, update to version 6.1.5 or later to resolve the issue.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2015-2305
DLA-233-1
DLA-444-1
DSA-3195-1
HPSBUX03337
MGASA-2015-0134
MGASA-2015-0190
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:10571-1
RHSA-2015:1053
RHSA-2015:1066
SUSE-SU-2015:0298-1
SUSE-SU-2015:0370-1
SUSE-SU-2015:0436-1
SUSE-SU-2015:0620-1
SUSE-SU-2015:0868-1
SUSE-SU-2015:0871-1
SUSE-SU-2015:0882-1
SUSE-SU-2015:0882-2
SUSE-SU-2015:0946-1
SUSE-SU-2015:1018-1
SUSE-SU-2015:1177-1
SUSE-SU-2015:1265-1
SUSE-SU-2016:1638-1
USN-2572-1
USN-2594-1

Affected Products

Henry Spencer BSD Regex Library
HP-UX
NetBSD
SUSE
Ubuntu