CVE-2008-2371

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

🔗 References (90)

• secalert@redhathttp://bugs.gentoo.org/show_bug.cgi?id=228091
• secalert@redhathttp://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes
• secalert@redhathttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
• secalert@redhathttp://lists.apple.com/archives/security-announce/2009/May/msg00002.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
• secalert@redhathttp://marc.info/?l=bugtraq&m=124654546101607&w=2
• secalert@redhathttp://marc.info/?l=bugtraq&m=125631037611762&w=2
• secalert@redhathttp://secunia.com/advisories/30916
• secalert@redhathttp://secunia.com/advisories/30944
• secalert@redhathttp://secunia.com/advisories/30945
• secalert@redhathttp://secunia.com/advisories/30958
• secalert@redhathttp://secunia.com/advisories/30961
• secalert@redhathttp://secunia.com/advisories/30967
• secalert@redhathttp://secunia.com/advisories/30972
• secalert@redhathttp://secunia.com/advisories/30990