CVE 2008-2371
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
Related bugs and status
CVE-2008-2371 (Candidate) is related to these bugs:
Bug #227464: Please roll out security fixes from PHP 5.2.6
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 227464 | Please roll out security fixes from PHP 5.2.6 | php5 (Ubuntu) | Undecided | Fix Released | ||
| 227464 | Please roll out security fixes from PHP 5.2.6 | php5 (Debian) | Unknown | Fix Released | ||
| 227464 | Please roll out security fixes from PHP 5.2.6 | Hardy Backports | Undecided | Invalid | ||
| 227464 | Please roll out security fixes from PHP 5.2.6 | php5 (Ubuntu Hardy) | Undecided | Fix Released | ||
| 227464 | Please roll out security fixes from PHP 5.2.6 | php5 (Ubuntu Dapper) | Undecided | Fix Released | ||
| 227464 | Please roll out security fixes from PHP 5.2.6 | php5 (Ubuntu Feisty) | Undecided | Fix Released | ||
| 227464 | Please roll out security fixes from PHP 5.2.6 | php5 (Ubuntu Gutsy) | Undecided | Fix Released | ||
Bug #245934: [CVE-2008-2371] Heap overflow in PCRE leading to arbitrary code execution
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 245934 | [CVE-2008-2371] Heap overflow in PCRE leading to arbitrary code execution | pcre3 (Ubuntu) | Low | Fix Released | ||
| 245934 | [CVE-2008-2371] Heap overflow in PCRE leading to arbitrary code execution | pcre3 (Debian) | Unknown | Fix Released | ||
Bug #535090: CVE-2008-2371 (outer level option with alternatives caused crash)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 535090 | CVE-2008-2371 (outer level option with alternatives caused crash) | erlang (Ubuntu) | Low | Fix Released | ||
| 535090 | CVE-2008-2371 (outer level option with alternatives caused crash) | erlang (Ubuntu Intrepid) | Low | Fix Released | ||
| 535090 | CVE-2008-2371 (outer level option with alternatives caused crash) | erlang (Ubuntu Jaunty) | Low | Fix Released | ||
| 535090 | CVE-2008-2371 (outer level option with alternatives caused crash) | erlang (Ubuntu Karmic) | Low | Fix Released | ||
| 535090 | CVE-2008-2371 (outer level option with alternatives caused crash) | erlang (Ubuntu Lucid) | Low | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
