CVE-2015-2305
published 2015-03-30CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD…
PriorityP344medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
8.37%
94.3th percentile
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_el_capitan_v10.11 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| clamav | clamav | >= 0 < 0.98.7+dfsg-1 | 0.98.7+dfsg-1 |
| clamav | clamav | >= 0 < 0.98.7+dfsg-1 | 0.98.7+dfsg-1 |
| clamav | clamav | >= 0 < 0.98.7+dfsg-1 | 0.98.7+dfsg-1 |
| clamav | clamav | >= 0 < 0.98.7+dfsg-1 | 0.98.7+dfsg-1 |
| debian | alpine | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | clamav | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | cups | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | efl | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | haskell-regex-posix | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | knews | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | librcsb-core-wrapper | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | newlib | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | nvi | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | radare2 | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | sma | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| debian | vigor | < clamav 0.98.7+dfsg-1 (bookworm) | clamav 0.98.7+dfsg-1 (bookworm) |
| newlib_project | newlib | >= 0 < 2.0.0-1 | 2.0.0-1 |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8LOW
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
ClamAV vulnerabilities
vendor_ubuntu·2015-05-05
CVE-2015-2170 ClamAV vulnerabilities
Title: ClamAV vulnerabilities
Summary: ClamAV could be made to crash or run programs if it processed a specially
crafted file.
It was discovered that ClamAV incorrectly handled certain malformed files.
A remote attacker could use this issue to cause ClamAV to crash, resulting
in a denial of service, or possibly execute arbitrary code.
In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2015-04-20·CVSS 6.8
CVE-2015-2305 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled cleanup when used with
Apache 2.4. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-3330)
It was discovered that PHP incorrectly handled opening tar, zip or phar
archives through the PHAR extension. A remote attacker could use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2015-3329)
It was discovered that PHP incorrectly handled regular expressions. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2015-2305)
Paulos Yibelo
Red Hat
regex: heap overflow in regcomp() on 32-bit architectures
vendor_redhat·2015-02-04·CVSS 6.8
CVE-2015-2305 [MEDIUM] regex: heap overflow in regcomp() on 32-bit architectures
regex: heap overflow in regcomp() on 32-bit architectures
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
A heap buffer overflow flaw was found in the regcomp() function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp() function could cause that application to crash and possibly execute arbitrary code.
Package: mysql (Red Hat Enterprise Linux 5) - Will not fix
Package: mysql51-mysql (Red Hat Enterprise
Debian
CVE-2015-2305: alpine - Integer overflow in the regcomp implementation in the Henry Spencer BSD regex li...
vendor_debian·2015·CVSS 6.8
CVE-2015-2305 [MEDIUM] CVE-2015-2305: alpine - Integer overflow in the regcomp implementation in the Henry Spencer BSD regex li...
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Apple
CVE-2015-2305: OS X El Capitan v10.11
vendor_apple·CVSS 6.8
CVE-2015-2305 [MEDIUM] CVE-2015-2305: OS X El Capitan v10.11
Apple Security Update: About the security content of OS X El Capitan v10.11
Product: OS X El Capitan v10.11
CVE: CVE-2015-2305
Component: CVE-2015-2305
GHSA
GHSA-qcm7-3c5w-vhg7: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3
ghsa_unreviewed·2022-05-14
CVE-2015-2305 [MEDIUM] CWE-190 GHSA-qcm7-3c5w-vhg7: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
OSV
php5 vulnerabilities
osv·2015-04-20·CVSS 6.8
CVE-2015-3330 [MEDIUM] php5 vulnerabilities
php5 vulnerabilities
It was discovered that PHP incorrectly handled cleanup when used with
Apache 2.4. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-3330)
It was discovered that PHP incorrectly handled opening tar, zip or phar
archives through the PHAR extension. A remote attacker could use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2015-3329)
It was discovered that PHP incorrectly handled regular expressions. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2015-2305)
Paulos Yibelo discovered that PHP incorrectly handled moving files when
OSV
CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3
osv·2015-03-30·CVSS 6.8
CVE-2015-2305 [MEDIUM] CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
http://blog.clamav.net/2015/04/clamav-0987-has-been-released.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlhttp://lists.opensuse.org/opensuse-updates/2015-04/msg00002.htmlhttp://lists.opensuse.org/opensuse-updates/2015-05/msg00024.htmlhttp://marc.info/?l=bugtraq&m=143403519711434&w=2http://openwall.com/lists/oss-security/2015/02/07/14http://openwall.com/lists/oss-security/2015/03/11/8http://php.net/ChangeLog-5.phphttp://rhn.redhat.com/errata/RHSA-2015-1053.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1066.htmlhttp://www.debian.org/security/2015/dsa-3195http://www.kb.cert.org/vuls/id/695940http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.securityfocus.com/bid/72611http://www.securitytracker.com/id/1031947http://www.ubuntu.com/usn/USN-2572-1http://www.ubuntu.com/usn/USN-2594-1https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/https://support.apple.com/HT205267http://blog.clamav.net/2015/04/clamav-0987-has-been-released.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlhttp://lists.opensuse.org/opensuse-updates/2015-04/msg00002.htmlhttp://lists.opensuse.org/opensuse-updates/2015-05/msg00024.htmlhttp://marc.info/?l=bugtraq&m=143403519711434&w=2http://openwall.com/lists/oss-security/2015/02/07/14http://openwall.com/lists/oss-security/2015/03/11/8http://php.net/ChangeLog-5.phphttp://rhn.redhat.com/errata/RHSA-2015-1053.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1066.htmlhttp://www.debian.org/security/2015/dsa-3195http://www.kb.cert.org/vuls/id/695940http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.securityfocus.com/bid/72611http://www.securitytracker.com/id/1031947http://www.ubuntu.com/usn/USN-2572-1http://www.ubuntu.com/usn/USN-2594-1https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/https://support.apple.com/HT205267
2015-03-30
Published