ID CVE-2008-2371
Summary Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
References
Vulnerable Configurations
  • cpe:2.3:a:pcre:pcre:7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:rc4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.2:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.3:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.4:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.4:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.5:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:rc4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:rc5:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.7:-:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.7:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.7:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.7:rc4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.7:rc5:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 01-08-2022 - 15:54)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
apple
  • APPLE-SA-2008-10-09
  • APPLE-SA-2009-05-12
bid
  • 30087
  • 31681
bugtraq 20081027 rPSA-2008-0305-1 pcre
cert TA09-133A
confirm
debian DSA-1602
fedora
  • FEDORA-2008-6025
  • FEDORA-2008-6048
gentoo
  • GLSA-200807-03
  • GLSA-200811-05
hp
  • HPSBUX02431
  • HPSBUX02465
  • SSRT090085
  • SSRT090192
mandriva
  • MDVSA-2008:147
  • MDVSA-2009:023
secunia
  • 30916
  • 30944
  • 30945
  • 30958
  • 30961
  • 30967
  • 30972
  • 30990
  • 31200
  • 32222
  • 32454
  • 32746
  • 35074
  • 35650
  • 39300
suse SUSE-SR:2008:014
ubuntu
  • USN-624-1
  • USN-624-2
  • USN-628-1
vupen
  • ADV-2008-2005
  • ADV-2008-2006
  • ADV-2008-2336
  • ADV-2008-2780
  • ADV-2009-1297
  • ADV-2010-0833
statements via4
contributor Mark J Cox
lastmodified 2008-07-08
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of PCRE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 01-08-2022 - 15:54
Published 07-07-2008 - 23:41
Last modified 01-08-2022 - 15:54