GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Thu Aug 25, 2005 7:06 pm Post subject: [ GLSA 200508-17 ] libpcre: Heap integer overflow
Gentoo Linux Security Advisory
Title: libpcre: Heap integer overflow (GLSA 200508-17)
Severity: high
Exploitable: remote
Date: August 25, 2005
Bug(s): #103337
ID: 200508-17
Synopsis
libpcre is vulnerable to a heap integer overflow, possibly leading to the
execution of arbitrary code.
Background
libpcre is a library providing functions for Perl-compatible
regular expressions.
Affected Packages
Package: dev-libs/libpcre
Vulnerable: < 6.3
Unaffected: >= 6.3
Architectures: All supported architectures
Description
libpcre fails to check that certain quantifier values in regular
expressions are sane.
Impact
An attacker could possibly exploit this vulnerability to execute
arbitrary code by sending specially crafted regular expressions to
applications making use of the libpcre library.
Workaround
There is no known workaround at this time.
Resolution
All libpcre users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libpcre-6.3"
References
CAN-2005-2491
SecurityTracker Alert ID 1014744
Last edited by GLSA on Mon Mar 05, 2012 4:20 am; edited 3 times in total
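A post-upgrade check against the advisory's "Vulnerable: < 6.3" range, as an added example that is not part of the GLSA or of Gentoo's tooling. The function names are hypothetical, and it assumes the pcre-config script shipped with libpcre is on PATH.

```shell
#!/bin/sh
# Added example (not part of the GLSA): test a libpcre version string
# against the advisory's vulnerable range, "< 6.3".
FIXED_MAJOR=6   # first unaffected version per the advisory: 6.3
FIXED_MINOR=3

# pcre_is_vulnerable VERSION  (hypothetical helper name)
# Returns 0 if VERSION < 6.3, 1 if VERSION >= 6.3, 2 if unparseable.
pcre_is_vulnerable() {
    ver=${1%%-*}                      # drop a Gentoo revision such as "-r1"
    case $ver in
        ''|.*|*.|*..*|*[!0-9.]*) return 2 ;;   # only dotted digits accepted
    esac
    major=${ver%%.*}
    case $ver in
        *.*) rest=${ver#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;               # "6" is treated as 6.0
    esac
    if [ "$major" -lt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -gt "$FIXED_MAJOR" ]; then return 1; fi
    if [ "$minor" -lt "$FIXED_MINOR" ]; then return 0; fi
    return 1
}

# check_installed_pcre: report on the libpcre that pcre-config describes.
# Assumption: pcre-config (installed with libpcre) is on PATH.
check_installed_pcre() {
    if ! command -v pcre-config >/dev/null 2>&1; then
        echo "pcre-config not found; cannot determine libpcre version" >&2
        return 2
    fi
    installed=$(pcre-config --version)
    rc=0
    pcre_is_vulnerable "$installed" || rc=$?
    case $rc in
        0) echo "libpcre $installed is VULNERABLE (< 6.3): upgrade" ;;
        1) echo "libpcre $installed is unaffected (>= 6.3)" ;;
        *) echo "cannot parse libpcre version: $installed" >&2 ;;
    esac
    return "$rc"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_installed_pcre
fi
```

Run it with --check after the emerge completes. It reports only on the system libpcre that pcre-config describes, not on copies of PCRE bundled into or statically linked with other programs.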