National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2005-2491 Detail

Description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Source:  MITRE      Last Modified:  08/23/2005

Quick Info

CVE Dictionary Entry:
CVE-2005-2491
Original release date:
08/23/2005
Last revised:
10/10/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
Vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Provides user account access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Apache (07/02/2008)

Fixed in Apache 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt External Source SCO SCOSA-2006.10
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U External Source SGI 20060401-01-U
http://docs.info.apple.com/article.html?artnum=302847 External Source APPLE APPLE-SA-2005-11-29
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 External Source HP SSRT061238
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html External Source TRUSTIX TSLSA-2005-0059
http://marc.info/?l=bugtraq&m=112605112027335&w=2 External Source SUSE SUSE-SA:2005:051
http://marc.info/?l=bugtraq&m=112606064317223&w=2 External Source OPENPKG OpenPKG-SA-2005.018
http://marc.info/?l=bugtraq&m=130497311408250&w=2 External Source HP HPSBOV02683
http://securityreason.com/securityalert/604 External Source SREASON 604
http://securitytracker.com/id?1014744 Patch External Source SECTRACK 1014744
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 External Source SUNALERT 102198
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf External Source CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf External Source CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm External Source CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm External Source CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
http://www.debian.org/security/2005/dsa-800 External Source DEBIAN DSA-800
http://www.debian.org/security/2005/dsa-817 External Source DEBIAN DSA-817
http://www.debian.org/security/2005/dsa-819 External Source DEBIAN DSA-819
http://www.debian.org/security/2005/dsa-821 External Source DEBIAN DSA-821
http://www.ethereal.com/appnotes/enpa-sa-00021.html External Source CONFIRM http://www.ethereal.com/appnotes/enpa-sa-00021.html
http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml External Source GENTOO GLSA-200509-08
http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml External Source GENTOO GLSA-200509-02
http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml External Source GENTOO GLSA-200509-08
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml External Source GENTOO GLSA-200509-12
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml External Source GENTOO GLSA-200509-19
http://www.novell.com/linux/security/advisories/2005_48_pcre.html External Source SUSE SUSE-SA:2005:048
http://www.novell.com/linux/security/advisories/2005_49_php.html External Source SUSE SUSE-SA:2005:049
http://www.novell.com/linux/security/advisories/2005_52_apache2.html External Source SUSE SUSE-SA:2005:052
http://www.php.net/release_4_4_1.php External Source CONFIRM http://www.php.net/release_4_4_1.php
http://www.redhat.com/support/errata/RHSA-2005-358.html External Source REDHAT RHSA-2005:358
http://www.redhat.com/support/errata/RHSA-2005-761.html External Source REDHAT RHSA-2005:761
http://www.redhat.com/support/errata/RHSA-2006-0197.html External Source REDHAT RHSA-2006:0197
http://www.securityfocus.com/archive/1/archive/1/427046/100/0/threaded External Source FEDORA FLSA:168516
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded External Source HP HPSBUX02074
http://www.securityfocus.com/bid/14620 External Source BID 14620
http://www.securityfocus.com/bid/15647 External Source BID 15647
http://www.vupen.com/english/advisories/2005/1511 External Source VUPEN ADV-2005-1511
http://www.vupen.com/english/advisories/2005/2659 External Source VUPEN ADV-2005-2659
http://www.vupen.com/english/advisories/2006/0789 External Source VUPEN ADV-2006-0789
http://www.vupen.com/english/advisories/2006/4320 External Source VUPEN ADV-2006-4320
http://www.vupen.com/english/advisories/2006/4502 External Source VUPEN ADV-2006-4502
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516 External Source OVAL oval:org.mitre.oval:def:11516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496 External Source OVAL oval:org.mitre.oval:def:1496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659 External Source OVAL oval:org.mitre.oval:def:1659
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735 External Source OVAL oval:org.mitre.oval:def:735

References to Check Content

Identifier:
oval:org.mitre.oval:def:11516
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11516
Identifier:
oval:org.mitre.oval:def:1496
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1496
Identifier:
oval:org.mitre.oval:def:1659
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1659
Identifier:
oval:org.mitre.oval:def:735
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:735

Technical Details

Vulnerability Type (View All)

Change History 4 change records found - show changes