Search for vulnerabilities
Vulnerability details: VCID-gjzf-d5g8-aaac
Vulnerability ID VCID-gjzf-d5g8-aaac
Aliases CVE-2005-4872
Summary Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:1052
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.00280 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.01504 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
epss 0.02992 https://api.first.org/data/v1/epss?cve=CVE-2005-4872
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=383361
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2005-4872
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4872.json
https://api.first.org/data/v1/epss?cve=CVE-2005-4872
http://scary.beasts.org/security/CESA-2007-006.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872
http://secunia.com/advisories/27582
http://secunia.com/advisories/27773
http://secunia.com/advisories/27869
http://secunia.com/advisories/28658
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11615
http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
http://www.pcre.org/changelog.txt
http://www.redhat.com/support/errata/RHSA-2007-1052.html
http://www.securityfocus.com/bid/26462
383361 https://bugzilla.redhat.com/show_bug.cgi?id=383361
cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
CVE-2005-4872 https://nvd.nist.gov/vuln/detail/CVE-2005-4872
RHSA-2007:1052 https://access.redhat.com/errata/RHSA-2007:1052
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-4872
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.65292
EPSS Score 0.00249
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.