CVE-2005-4872 - CVE Reference - Advisories

CVE Reference: CVE-2005-4872

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-4872

Description: Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

CVE Status: Candidate

References: SUSE http://www.novell.com/linux/security/advisories/2007_62_pcre.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html SAID Secunia Advisory: SA27582 Secunia Advisory: SA27773 Secunia Advisory: SA27869 Secunia Advisory: SA28658 REDHAT http://www.redhat.com/support/errata/RHSA-2007-1052.html MISC http://scary.beasts.org/security/CESA-2007-006.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm http://www.pcre.org/changelog.txt BID 26462

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	OpenBSD BIND Query Port DNS Cache Poisoning

2.	Red Hat update for kernel

3.	Drupal Session Fixation Vulnerability

4.	Debian update for clamav

5.	Linux Kernel LDT Buffer Size Handling Vulnerability

6.	IPCop update for perl

7.	Ubuntu update for php

8.	Debian update for xulrunner

9.	dnsmasq Denial of Service and DNS Cache Poisoning

10.	Apple Safari Cross-Domain Cookie Injection Vulnerability