漏洞信息详情
PCRE pcre_compile.c文件堆溢出漏洞
- CNNVD编号:CNNVD-200807-093
- 危害等级: 高危
- CVE编号: CVE-2008-2371
- 漏洞类型: 缓冲区溢出
- 发布时间: 2007-05-16
- 威胁类型: 远程
- 更新时间: 2009-05-16
- 厂 商: pcre
- 漏洞来源: Tavis Ormandy※ tav...
漏洞简介
PCRE(Perl Compatible Regular Expressions)是软件开发者Philip Hazel所研发的一个使用C语言编写的开源正则表达式函数库。 当PCRE在启动模式(pattern)指定选项的时候,为了防止将其不必要的编译到字节代码,会如pcre_compile()选项所指定的方式传送回调用程序(也就是/(?i)a|b/ == /a|b/i)。如果模式包含有多个分支的话,就会意外的将新选项回传的过远,仅有第一个分支获得了新的标记,而在第二次编译传送的时候会一直设置新的标记,导致大小计算传送和实际的编译传送之间出现不匹配,这可能触发堆溢出。
漏洞公告
参考网址
来源: US-CERT 名称: TA09-133A 链接:http://www.us-cert.gov/cas/techalerts/TA09-133A.HTML 来源: FEDORA 名称: FEDORA-2008-6048 链接:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.HTML 来源: FEDORA 名称: FEDORA-2008-6025 链接:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.HTML 来源: VUPEN 名称: ADV-2009-1297 链接:http://www.vupen.com/english/advisories/2009/1297 来源: VUPEN 名称: ADV-2008-2336 链接:http://www.vupen.com/english/advisories/2008/2336 来源: UBUNTU 名称: USN-628-1 链接:http://www.ubuntu.com/usn/usn-628-1 来源: UBUNTU 名称: USN-624-1 链接:http://www.ubuntu.com/usn/usn-624-1 来源: BID 名称: 31681 链接:http://www.securityfocus.com/bid/31681 来源: BID 名称: 30087 链接:http://www.securityfocus.com/bid/30087 来源: BUGTRAQ 名称: 20081027 rPSA-2008-0305-1 pcre 链接:http://www.securityfocus.com/archive/1/archive/1/497828/100/0/threaded 来源: MANDRIVA 名称: MDVSA-2009:023 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 来源: MANDRIVA 名称: MDVSA-2008:147 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:147 来源: GENTOO 名称: GLSA-200807-03 链接:http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml 来源: VUPEN 名称: ADV-2008-2780 链接:http://www.frsirt.com/english/advisories/2008/2780 来源: VUPEN 名称: ADV-2008-2006 链接:http://www.frsirt.com/english/advisories/2008/2006 来源: VUPEN 名称: ADV-2008-2005 链接:http://www.frsirt.com/english/advisories/2008/2005 来源: DEBIAN 名称: DSA-1602 链接:http://www.debian.org/security/2008/dsa-1602 来源: wiki.rpath.com 链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305 来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com 链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3549 来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com 链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3216 来源: SECUNIA 名称: 35650 链接:http://secunia.com/advisories/35650 来源: SECUNIA 名称: 35074 链接:http://secunia.com/advisories/35074 来源: SECUNIA 名称: 32454 链接:http://secunia.com/advisories/32454 来源: SECUNIA 名称: 32222 链接:http://secunia.com/advisories/32222 来源: SECUNIA 名称: 31200 链接:http://secunia.com/advisories/31200 来源: SECUNIA 名称: 30990 链接:http://secunia.com/advisories/30990 来源: SECUNIA 名称: 30972 链接:http://secunia.com/advisories/30972 来源: SECUNIA 名称: 30967 链接:http://secunia.com/advisories/30967 来源: SECUNIA 名称: 30961 链接:http://secunia.com/advisories/30961 来源: SECUNIA 名称: 30958 链接:http://secunia.com/advisories/30958 来源: SECUNIA 名称: 30945 链接:http://secunia.com/advisories/30945 来源: SECUNIA 名称: 30944 链接:http://secunia.com/advisories/30944 来源: SECUNIA 名称: 30916 链接:http://secunia.com/advisories/30916 来源: HP 名称: SSRT090192 链接:http://marc.info/?l=bugtraq&m=125631037611762&w=2 来源: HP 名称: SSRT090192 链接:http://marc.info/?l=bugtraq&m=125631037611762&w=2 来源: HP 名称: SSRT090085 链接:http://marc.info/?l=bugtraq&m=124654546101607&w=2 来源: HP 名称: SSRT090085 链接:http://marc.info/?l=bugtraq&m=124654546101607&w=2 来源: SUSE 名称: SUSE-SR:2008:014 链接:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.HTML 来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple 名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2009-05-12 链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2009/May/msg00002.HTML 来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple 名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2008-10-09 链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2008/Oct/msg00001.HTML 来源: ftp.gnome.org 链接:http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes 来源: bugs.gentoo.org 链接:http://bugs.gentoo.org/show_bug.
受影响实体
- Pcre Pcre:7.7
补丁
暂无
评论