FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2371

This CVE name corresponds to:

Entered	Topic
2008-12-07	php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-2371 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-2371
Phase	Assigned(20080521)

Description

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

References

Source	Reference
BUGTRAQ	20081027 rPSA-2008-0305-1 pcre
CONFIRM	http://bugs.gentoo.org/show_bug.cgi?id=228091
CONFIRM	http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes
CONFIRM	http://support.apple.com/kb/HT3216
CONFIRM	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305
CONFIRM	http://support.apple.com/kb/HT3549
APPLE	APPLE-SA-2008-10-09
APPLE	APPLE-SA-2009-05-12
DEBIAN	DSA-1602
FEDORA	FEDORA-2008-6025
FEDORA	FEDORA-2008-6048
GENTOO	GLSA-200807-03
GENTOO	GLSA-200811-05
HP	HPSBUX02431
HP	SSRT090085
HP	HPSBUX02465
HP	SSRT090192
MANDRIVA	MDVSA-2008:147
MANDRIVA	MDVSA-2009:023
SUSE	SUSE-SR:2008:014
UBUNTU	USN-624-1
UBUNTU	USN-628-1
UBUNTU	USN-624-2
CERT	TA09-133A
BID	30087
BID	31681
SECUNIA	35074
SECUNIA	35650
SECUNIA	39300
SECUNIA	32746
VUPEN	ADV-2008-2005
VUPEN	ADV-2008-2006
VUPEN	ADV-2008-2780
SECUNIA	30916
SECUNIA	30944
SECUNIA	30958
SECUNIA	30961
SECUNIA	30945
SECUNIA	30972
SECUNIA	30967
SECUNIA	30990
SECUNIA	31200
SECUNIA	32222
SECUNIA	32454
VUPEN	ADV-2008-2336
VUPEN	ADV-2009-1297
VUPEN	ADV-2010-0833