MidnightBSD

Advisories for rxspencer_project

CVE-2015-2305 MEDIUM

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
opensuse opensuse 13.1
php php *
rxspencer_project rxspencer 3.8.g5
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
canonical ubuntu_linux 10.04
canonical ubuntu_linux 15.04
opensuse opensuse 13.2