6.8

CVE-2015-2305

Exploit

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rxspencer ProjectRxspencer Version3.8.g5
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version14.10
CanonicalUbuntu Linux Version15.04
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
PhpPhp Version >= 5.4.0 < 5.4.39
PhpPhp Version >= 5.5.0 < 5.5.23
PhpPhp Version >= 5.6.0 < 5.6.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 28.7% 0.964
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://marc.info/?l=bugtraq&m=143403519711434&w=2
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2015/02/07/14
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2015/03/11/8
Third Party Advisory
Mailing List
http://www.kb.cert.org/vuls/id/695940
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/72611
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1031947
Third Party Advisory
VDB Entry