Search for vulnerabilities
Vulnerability details: VCID-3c18-v2g4-aaaf
Vulnerability ID VCID-3c18-v2g4-aaaf
Aliases CVE-2015-2305
Summary Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
generic_textual Medium http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=143403519711434&w=2
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2305.html
generic_textual Medium http://php.net/ChangeLog-5.php
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1053
rhas Important https://access.redhat.com/errata/RHSA-2015:1066
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00560 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00929 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00929 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00929 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.00929 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.34726 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.34726 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.34726 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.34726 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.34726 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.37283 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.37283 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.37283 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.37283 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.37283 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.37283 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.37283 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.37283 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.42152 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
epss 0.51428 https://api.first.org/data/v1/epss?cve=CVE-2015-2305
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1191049
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
generic_textual Medium https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2015-2305
generic_textual Medium https://ubuntu.com/security/notices/USN-2572-1
generic_textual Medium https://ubuntu.com/security/notices/USN-2594-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-2572-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-2594-1
generic_textual Medium http://www.kb.cert.org/vuls/id/695940
generic_textual Low http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Reference id Reference type URL
http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://openwall.com/lists/oss-security/2015/02/07/14
http://openwall.com/lists/oss-security/2015/03/11/8
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2305.html
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1053.html
http://rhn.redhat.com/errata/RHSA-2015-1066.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json
https://api.first.org/data/v1/epss?cve=CVE-2015-2305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
https://support.apple.com/HT205267
https://ubuntu.com/security/notices/USN-2572-1
https://ubuntu.com/security/notices/USN-2594-1
https://usn.ubuntu.com/usn/usn-2572-1
https://usn.ubuntu.com/usn/usn-2594-1
http://www.debian.org/security/2015/dsa-3195
http://www.kb.cert.org/vuls/id/695940
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/72611
http://www.securitytracker.com/id/1031947
http://www.ubuntu.com/usn/USN-2572-1
http://www.ubuntu.com/usn/USN-2594-1
1191049 https://bugzilla.redhat.com/show_bug.cgi?id=1191049
778389 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778389
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:rxspencer_project:rxspencer:3.8.g5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rxspencer_project:rxspencer:3.8.g5:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
CVE-2015-2305 https://nvd.nist.gov/vuln/detail/CVE-2015-2305
RHSA-2015:1053 https://access.redhat.com/errata/RHSA-2015:1053
RHSA-2015:1066 https://access.redhat.com/errata/RHSA-2015:1066
USN-2572-1 https://usn.ubuntu.com/2572-1/
USN-2594-1 https://usn.ubuntu.com/2594-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-2305
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.78105
EPSS Score 0.00560
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.