CVE-2005-2491 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Pcre

13 documents7 sources

Severity

7.5HIGHNVD

EPSS

2.0%

top 16.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gnumeric Debian Gnumeric Debian Goffice +3 more

Timeline

PublishedAug 23

Latest updateMay 3

Description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶debiandebian/pcre3< gnumeric 1.5.1-1 (bookworm)

▶NVDpcre/pcre5.0, 6.0, 6.1+2

▶debiandebian/vfu< gnumeric 1.5.1-1 (bookworm)

▶debiandebian/goffice< gnumeric 1.5.1-1 (bookworm)

▶debiandebian/gnumeric< gnumeric 1.5.1-1 (bookworm)

Patches

Patch: securitytracker.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-h9j2-347v-3v58: Integer overflow in pcre_compile↗2022-05-03

▶

OSV

CVE-2005-2491: Integer overflow in pcre_compile↗2005-08-23

▶

📋Vendor Advisories

Ubuntu

PCRE vulnerabilities↗2005-08-31

▶

Ubuntu

PCRE vulnerability↗2005-08-25

▶

Ubuntu

PCRE vulnerability↗2005-08-24

▶

Red Hat

pcre heap overflow↗2005-08-01

▶

Debian

CVE-2005-2491: gnumeric - Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE)...↗2005

▶

💬Community

Bugzilla

CVE-2005-2491 pcre heap overflow↗2008-01-29

▶

Bugzilla

CVE-2006-4980 repr unicode buffer overflow↗2006-11-07

▶

Bugzilla

CAN-2005-0089 CAN-2005-2491 python multiple security issues↗2005-09-25

▶

Bugzilla

CVE-2005-2491 PCRE heap overflow↗2005-08-19

▶