CVE-2015-2305
regex: heap overflow in regcomp() on 32-bit architectures
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Desbordamiento de enteros en la implementación regcomp en la librería Henry Spencer BSD regex (también conocido como rxspencer) alpha3.8.g5 en las plataformas de 32 bits, utilizado en NetBSD hasta 6.1.5 y otros productos, podría permitir a atacantes dependientes de contexto ejecutar código arbitrario a través de una expresión regular grande que conlleva a un desbordamiento de buffer basado en memoria dinámica.
A heap buffer overflow flaw was found in the regcomp() function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp() function could cause that application to crash and possibly execute arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-03-16 CVE Reserved
- 2015-03-19 CVE Published
- 2024-03-06 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html | Third Party Advisory | |
| http://openwall.com/lists/oss-security/2015/02/07/14 | Mailing List | |
| http://openwall.com/lists/oss-security/2015/03/11/8 | Mailing List | |
| http://www.kb.cert.org/vuls/id/695940 | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/72611 | Third Party Advisory | |
| http://www.securitytracker.com/id/1031947 | Third Party Advisory | |
| https://support.apple.com/HT205267 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rxspencer Project Search vendor "Rxspencer Project" | Rxspencer Search vendor "Rxspencer Project" for product "Rxspencer" | 3.8.g5 Search vendor "Rxspencer Project" for product "Rxspencer" and version "3.8.g5" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.4.0 < 5.4.39 Search vendor "Php" for product "Php" and version " >= 5.4.0 < 5.4.39" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.5.0 < 5.5.23 Search vendor "Php" for product "Php" and version " >= 5.5.0 < 5.5.23" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.6.0 < 5.6.7 Search vendor "Php" for product "Php" and version " >= 5.6.0 < 5.6.7" | - |
Affected
| ||||||