NVD脆弱性詳細

CVE-2005-2491

概要	Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
公表日	2005年8月23日13:00
登録日	2021年1月29日17:58
最終更新日	2024年2月14日10:17

CVSS2.0 : HIGH
スコア	7.5
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	はい
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:pcre:pcre:5.0:::::::*
cpe:2.3:a:pcre:pcre:6.0:::::::*
cpe:2.3:a:pcre:pcre:6.1:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://www.securityfocus.com/bid/14620	BID
2	http://securitytracker.com/id?1014744	SECTRACK	Patch
3	http://www.debian.org/security/2005/dsa-800	DEBIAN
4	http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml	GENTOO
5	http://www.redhat.com/support/errata/RHSA-2005-761.html	REDHAT
6	http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml	GENTOO
7	http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml	GENTOO
8	http://www.debian.org/security/2005/dsa-819	DEBIAN
9	http://www.debian.org/security/2005/dsa-817	DEBIAN
10	http://www.debian.org/security/2005/dsa-821	DEBIAN
11	http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml	GENTOO
12	http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html	TRUSTIX
13	http://www.ethereal.com/appnotes/enpa-sa-00021.html	CONFIRM	URL Repurposed
14	http://www.php.net/release_4_4_1.php	CONFIRM
15	http://docs.info.apple.com/article.html?artnum=302847	APPLE
16	http://www.securityfocus.com/bid/15647	BID
17	http://secunia.com/advisories/17813	SECUNIA
18	http://secunia.com/advisories/16502	SECUNIA
19	http://secunia.com/advisories/16679	SECUNIA
20	http://www.redhat.com/support/errata/RHSA-2006-0197.html	REDHAT
21	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1	SUNALERT
22	http://secunia.com/advisories/19072	SECUNIA
23	http://www.redhat.com/support/errata/RHSA-2005-358.html	REDHAT
24	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt	SCO
25	http://secunia.com/advisories/19193	SECUNIA
26	http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf	CONFIRM
27	http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf	CONFIRM
28	http://secunia.com/advisories/17252	SECUNIA
29	ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U	SGI
30	http://secunia.com/advisories/19532	SECUNIA
31	http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm	CONFIRM
32	http://www.novell.com/linux/security/advisories/2005_48_pcre.html	SUSE
33	http://www.novell.com/linux/security/advisories/2005_49_php.html	SUSE
34	http://www.novell.com/linux/security/advisories/2005_52_apache2.html	SUSE
35	http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm	CONFIRM
36	http://secunia.com/advisories/21522	SECUNIA
37	http://secunia.com/advisories/22691	SECUNIA
38	http://secunia.com/advisories/22875	SECUNIA
39	http://securityreason.com/securityalert/604	SREASON
40	http://www.vupen.com/english/advisories/2006/0789	VUPEN
41	http://www.vupen.com/english/advisories/2006/4502	VUPEN
42	http://www.vupen.com/english/advisories/2006/4320	VUPEN
43	http://www.vupen.com/english/advisories/2005/1511	VUPEN
44	http://www.vupen.com/english/advisories/2005/2659	VUPEN
45	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522	HP
46	http://marc.info/?l=bugtraq&m=130497311408250&w=2	HP
47	http://marc.info/?l=bugtraq&m=112606064317223&w=2	OPENPKG
48	http://marc.info/?l=bugtraq&m=112605112027335&w=2	SUSE
49	http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml	GENTOO
50	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735	OVAL
51	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659	OVAL
52	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496	OVAL
53	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516	OVAL
54	http://www.securityfocus.com/archive/1/428138/100/0/threaded	HP
55	http://www.securityfocus.com/archive/1/427046/100/0/threaded	FEDORA
56	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	MISC
57	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E	MISC
58	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E	MISC
59	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E	MISC
60	https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E	MISC
61	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E	MISC
62	https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E	MISC
63	https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E	MISC
64	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	MISC
65	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E	MISC
66	https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E	MISC
67	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E	MISC

共通脆弱性一覧