[CVE-2008-2371] Heap overflow in PCRE leading to arbitrary code execution
Bug #245934 reported by
Till Ulen
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pcre3 (Debian) |
Fix Released
|
Unknown
|
|||
pcre3 (Ubuntu) |
Fix Released
|
Low
|
Kees Cook |
Bug Description
CVE-2008-2371 description from Debian security advisory DSA-1602-1:
"Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular
Expression library, may encounter a heap overflow condition when
compiling certain regular expressions involving in-pattern options and
branches, potentially leading to arbitrary code execution."
CVE References
Changed in pcre3: | |
status: | Unknown → Fix Released |
Changed in pcre3: | |
status: | New → Confirmed |
To post a comment you must log in.
Thanks for the report. This update has been released now: http:// www.ubuntu. com/usn/ usn-624- 1