FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-0674

This CVE name corresponds to:

Entered Topic
2008-02-29 pcre -- buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-0674 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-0674
Phase Assigned(20080211)

Description

Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.

References

Source Reference
BUGTRAQ 20080228 rPSA-2008-0086-1 pcre
MLIST [oss-security] 20080502 CVE Request (PHP)
CONFIRM http://pcre.org/changelog.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=431660
CONFIRM http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0086
CONFIRM http://www.php.net/ChangeLog-5.php
CONFIRM https://issues.rpath.com/browse/RPL-2223
DEBIAN DSA-1499
FEDORA FEDORA-2008-1533
FEDORA FEDORA-2008-1783
FEDORA FEDORA-2008-1842
GENTOO GLSA-200803-24
MANDRIVA MDVSA-2008:053
SUSE SUSE-SR:2008:004
UBUNTU USN-581-1
BID 27786
BID 29009
FRSIRT ADV-2008-0570
FRSIRT ADV-2008-0592
FRSIRT ADV-2008-1412
SECUNIA 28923
SECUNIA 28960
SECUNIA 28985
SECUNIA 28996
SECUNIA 28957
SECUNIA 29027
SECUNIA 29048
SECUNIA 29175
SECUNIA 29267
SECUNIA 29282
SECUNIA 30048
XF pcre-characterclass-bo(40505)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.