CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-2491

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.019

EPSS Ranking 82.4%

CVSS Severity

CVSS v2 Score 7.5

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://docs.info.apple.com/article.html?artnum=302847
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://marc.info/?l=bugtraq&m=112605112027335&w=2
http://marc.info/?l=bugtraq&m=112606064317223&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://secunia.com/advisories/16502
http://secunia.com/advisories/16679
http://secunia.com/advisories/17252
http://secunia.com/advisories/17813
http://secunia.com/advisories/19072
http://secunia.com/advisories/19193
http://secunia.com/advisories/19532
http://secunia.com/advisories/21522
http://secunia.com/advisories/22691
http://secunia.com/advisories/22875
http://securityreason.com/securityalert/604
http://securitytracker.com/id?1014744
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
http://www.debian.org/security/2005/dsa-800
http://www.debian.org/security/2005/dsa-817
http://www.debian.org/security/2005/dsa-819
http://www.debian.org/security/2005/dsa-821
http://www.ethereal.com/appnotes/enpa-sa-00021.html
http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
http://www.novell.com/linux/security/advisories/2005_48_pcre.html
http://www.novell.com/linux/security/advisories/2005_49_php.html
http://www.novell.com/linux/security/advisories/2005_52_apache2.html
http://www.php.net/release_4_4_1.php
http://www.redhat.com/support/errata/RHSA-2005-358.html
http://www.redhat.com/support/errata/RHSA-2005-761.html
http://www.redhat.com/support/errata/RHSA-2006-0197.html
http://www.securityfocus.com/archive/1/427046/100/0/threaded
http://www.securityfocus.com/archive/1/428138/100/0/threaded
http://www.securityfocus.com/archive/1/428138/100/0/threaded
http://www.securityfocus.com/bid/14620
http://www.securityfocus.com/bid/15647
http://www.vupen.com/english/advisories/2005/1511
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/0789
http://www.vupen.com/english/advisories/2006/4320
http://www.vupen.com/english/advisories/2006/4502
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://docs.info.apple.com/article.html?artnum=302847
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://marc.info/?l=bugtraq&m=112605112027335&w=2
http://marc.info/?l=bugtraq&m=112606064317223&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://secunia.com/advisories/16502
http://secunia.com/advisories/16679
http://secunia.com/advisories/17252
http://secunia.com/advisories/17813
http://secunia.com/advisories/19072
http://secunia.com/advisories/19193
http://secunia.com/advisories/19532
http://secunia.com/advisories/21522
http://secunia.com/advisories/22691
http://secunia.com/advisories/22875
http://securityreason.com/securityalert/604
http://securitytracker.com/id?1014744
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
http://www.debian.org/security/2005/dsa-800
http://www.debian.org/security/2005/dsa-817
http://www.debian.org/security/2005/dsa-819
http://www.debian.org/security/2005/dsa-821
http://www.ethereal.com/appnotes/enpa-sa-00021.html
http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
http://www.novell.com/linux/security/advisories/2005_48_pcre.html
http://www.novell.com/linux/security/advisories/2005_49_php.html
http://www.novell.com/linux/security/advisories/2005_52_apache2.html
http://www.php.net/release_4_4_1.php
http://www.redhat.com/support/errata/RHSA-2005-358.html
http://www.redhat.com/support/errata/RHSA-2005-761.html
http://www.redhat.com/support/errata/RHSA-2006-0197.html
http://www.securityfocus.com/archive/1/427046/100/0/threaded
http://www.securityfocus.com/archive/1/428138/100/0/threaded
http://www.securityfocus.com/archive/1/428138/100/0/threaded
http://www.securityfocus.com/bid/14620
http://www.securityfocus.com/bid/15647
http://www.vupen.com/english/advisories/2005/1511
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/0789
http://www.vupen.com/english/advisories/2006/4320
http://www.vupen.com/english/advisories/2006/4502
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735

Products affected by CVE-2005-2491

Pcre » Pcre » Version: 5.0

cpe:2.3:a:pcre:pcre:5.0
Pcre » Pcre » Version: 6.0

cpe:2.3:a:pcre:pcre:6.0
Pcre » Pcre » Version: 6.1

cpe:2.3:a:pcre:pcre:6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-2491

Products

Pricing

Contact Us