Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 12.04 |
| opensuse | opensuse | 13.1 |
| php | php | * |
| rxspencer_project | rxspencer | 3.8.g5 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 14.10 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 15.04 |
| opensuse | opensuse | 13.2 |