CVE-2008-2371 - Vulnerability Details

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Opensuse	Opensuse
Pcre	Pcre
Php	Php

Configuration 1 [-]

cpe:2.3:a:pcre:pcre:7.7:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:fedoraproject:fedora:8:::::::*
	cpe:2.3:o:fedoraproject:fedora:9:::::::*

Configuration 6 [-]

cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=228091
http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://secunia.com/advisories/30916
http://secunia.com/advisories/30944
http://secunia.com/advisories/30945
http://secunia.com/advisories/30958
http://secunia.com/advisories/30961
http://secunia.com/advisories/30967
http://secunia.com/advisories/30972
http://secunia.com/advisories/30990
http://secunia.com/advisories/31200
http://secunia.com/advisories/32222
http://secunia.com/advisories/32454
http://secunia.com/advisories/32746
http://secunia.com/advisories/35074
http://secunia.com/advisories/35650
http://secunia.com/advisories/39300
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3549
http://ubuntu.com/usn/usn-624-2
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305
http://www.debian.org/security/2008/dsa-1602
http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:147
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.securityfocus.com/archive/1/497828/100/0/threaded
http://www.securityfocus.com/bid/30087
http://www.securityfocus.com/bid/31681
http://www.ubuntu.com/usn/usn-624-1
http://www.ubuntu.com/usn/usn-628-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2008/2005
http://www.vupen.com/english/advisories/2008/2006
http://www.vupen.com/english/advisories/2008/2336
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2010/0833
https://nvd.nist.gov/vuln/detail/CVE-2008-2371
https://www.cve.org/CVERecord?id=CVE-2008-2371
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-07-07T23:00:00

Updated: 2024-08-07T08:58:02.237Z

Reserved: 2008-05-21T00:00:00

Link: CVE-2008-2371

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-07-07T23:41:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2371

Redhat

Severity : Important

Publid Date: 2008-06-26T00:00:00Z

Links: CVE-2008-2371 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-05T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2008-2005", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2005"}, {"name": "MDVSA-2008:147", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147"}, {"name": "32746", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32746"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=228091"}, {"name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3549"}, {"name": "ADV-2008-2006", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2006"}, {"name": "GLSA-200811-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"}, {"name": "SSRT090085", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "31681", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31681"}, {"name": "30972", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30972"}, {"name": "USN-624-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-624-2"}, {"name": "32454", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32454"}, {"name": "30944", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30944"}, {"name": "30958", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30958"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35074"}, {"name": "USN-628-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-628-1"}, {"name": "39300", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39300"}, {"name": "FEDORA-2008-6025", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html"}, {"name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes"}, {"name": "USN-624-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-624-1"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "30967", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30967"}, {"name": "ADV-2010-0833", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0833"}, {"name": "FEDORA-2008-6048", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html"}, {"name": "MDVSA-2009:023", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"}, {"name": "31200", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31200"}, {"name": "30916", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30916"}, {"name": "32222", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32222"}, {"name": "30961", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30961"}, {"name": "SUSE-SR:2008:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"}, {"name": "30087", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30087"}, {"name": "30990", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30990"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"name": "DSA-1602", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1602"}, {"name": "HPSBUX02431", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "ADV-2008-2336", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2336"}, {"name": "ADV-2008-2780", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"name": "30945", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30945"}, {"name": "GLSA-200807-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml"}, {"name": "APPLE-SA-2008-10-09", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3216"}, {"name": "20081027 rPSA-2008-0305-1 pcre", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/497828/100/0/threaded"}, {"name": "35650", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35650"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:58:02.237Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-2005", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2005"}, {"name": "MDVSA-2008:147", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147"}, {"name": "32746", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32746"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=228091"}, {"name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3549"}, {"name": "ADV-2008-2006", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2006"}, {"name": "GLSA-200811-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"}, {"name": "SSRT090085", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "31681", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31681"}, {"name": "30972", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30972"}, {"name": "USN-624-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-624-2"}, {"name": "32454", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32454"}, {"name": "30944", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30944"}, {"name": "30958", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30958"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35074"}, {"name": "USN-628-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-628-1"}, {"name": "39300", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39300"}, {"name": "FEDORA-2008-6025", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html"}, {"name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes"}, {"name": "USN-624-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-624-1"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "30967", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30967"}, {"name": "ADV-2010-0833", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0833"}, {"name": "FEDORA-2008-6048", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html"}, {"name": "MDVSA-2009:023", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"}, {"name": "31200", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31200"}, {"name": "30916", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30916"}, {"name": "32222", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32222"}, {"name": "30961", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30961"}, {"name": "SUSE-SR:2008:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"}, {"name": "30087", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30087"}, {"name": "30990", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30990"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"name": "DSA-1602", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1602"}, {"name": "HPSBUX02431", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "ADV-2008-2336", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2336"}, {"name": "ADV-2008-2780", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"name": "30945", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30945"}, {"name": "GLSA-200807-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml"}, {"name": "APPLE-SA-2008-10-09", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3216"}, {"name": "20081027 rPSA-2008-0305-1 pcre", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/497828/100/0/threaded"}, {"name": "35650", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35650"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2371", "datePublished": "2008-07-07T23:00:00", "dateReserved": "2008-05-21T00:00:00", "dateUpdated": "2024-08-07T08:58:02.237Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pcre:pcre:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "02EE6AD6-3A1D-4D53-83DB-C5FA6598FC03", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C110295-EB1A-4B94-B252-B1062A51E864", "versionEndIncluding": "5.2.7", "versionStartIncluding": "5.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en pcre_compile.c en la biblioteca Perl-Compatible Regular Expression (PCRE) 7.7, permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) o la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de expresiones regulares que comienzan con un opci\u00f3n y contienen m\u00faltiples ramas."}], "id": "CVE-2008-2371", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-07T23:41:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=228091"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30916"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30944"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30945"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30958"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30961"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30967"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30972"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30990"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/31200"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/32222"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/32454"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/32746"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/35074"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/35650"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/39300"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3216"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://ubuntu.com/usn/usn-624-2"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1602"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/497828/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/30087"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/31681"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-624-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-628-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2005"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2006"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2336"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0833"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=228091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30944"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30945"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30958"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30967"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/30990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/31200"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/32222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/32454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/32746"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/35074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/35650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/39300"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3216"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://ubuntu.com/usn/usn-624-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/497828/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/30087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/31681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-624-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-628-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0833"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of PCRE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2008-07-08T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object