Vulnerability details: VCID-7avr-h3vb-aaap
Vulnerability ID VCID-7avr-h3vb-aaap
Aliases CVE-2005-2491
Summary Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=130497311408250&w=2
rhas Moderate https://access.redhat.com/errata/RHSA-2005:358
rhas Moderate https://access.redhat.com/errata/RHSA-2005:761
rhas Moderate https://access.redhat.com/errata/RHSA-2006:0197
epss 0.01849 https://api.first.org/data/v1/epss?cve=CVE-2005-2491
epss 0.0191 https://api.first.org/data/v1/epss?cve=CVE-2005-2491
epss 0.04945 https://api.first.org/data/v1/epss?cve=CVE-2005-2491
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=430638
apache_httpd low https://httpd.apache.org/security/json/CVE-2005-2491.json
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2005-2491
Reference id Reference type URL
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://docs.info.apple.com/article.html?artnum=302847
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://marc.info/?l=bugtraq&m=112605112027335&w=2
http://marc.info/?l=bugtraq&m=112606064317223&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2491.json
https://api.first.org/data/v1/epss?cve=CVE-2005-2491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491
http://secunia.com/advisories/16502
http://secunia.com/advisories/16679
http://secunia.com/advisories/17252
http://secunia.com/advisories/17813
http://secunia.com/advisories/19072
http://secunia.com/advisories/19193
http://secunia.com/advisories/19532
http://secunia.com/advisories/21522
http://secunia.com/advisories/22691
http://secunia.com/advisories/22875
http://securityreason.com/securityalert/604
http://securitytracker.com/id?1014744
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
http://www.debian.org/security/2005/dsa-800
http://www.debian.org/security/2005/dsa-817
http://www.debian.org/security/2005/dsa-819
http://www.debian.org/security/2005/dsa-821
http://www.ethereal.com/appnotes/enpa-sa-00021.html
http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
http://www.novell.com/linux/security/advisories/2005_48_pcre.html
http://www.novell.com/linux/security/advisories/2005_49_php.html
http://www.novell.com/linux/security/advisories/2005_52_apache2.html
http://www.php.net/release_4_4_1.php
http://www.redhat.com/support/errata/RHSA-2005-358.html
http://www.redhat.com/support/errata/RHSA-2005-761.html
http://www.redhat.com/support/errata/RHSA-2006-0197.html
http://www.securityfocus.com/archive/1/427046/100/0/threaded
http://www.securityfocus.com/archive/1/428138/100/0/threaded
http://www.securityfocus.com/bid/14620
http://www.securityfocus.com/bid/15647
http://www.vupen.com/english/advisories/2005/1511
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/0789
http://www.vupen.com/english/advisories/2006/4320
http://www.vupen.com/english/advisories/2006/4502
324531 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324531
430638 https://bugzilla.redhat.com/show_bug.cgi?id=430638
cpe:2.3:a:pcre:pcre:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre:5.0:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre:6.0:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre:6.1:*:*:*:*:*:*:*
CVE-2005-2491 https://httpd.apache.org/security/json/CVE-2005-2491.json
CVE-2005-2491 https://nvd.nist.gov/vuln/detail/CVE-2005-2491
RHSA-2005:358 https://access.redhat.com/errata/RHSA-2005:358
RHSA-2005:761 https://access.redhat.com/errata/RHSA-2005:761
RHSA-2006:0197 https://access.redhat.com/errata/RHSA-2006:0197
USN-173-1 https://usn.ubuntu.com/173-1/
USN-173-2 https://usn.ubuntu.com/173-2/
USN-173-4 https://usn.ubuntu.com/173-4/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-2491
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.88697
EPSS Score 0.01849
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.