A regular expressions C library originally written by Henry Spencer is vulnerable to a heap overflow in some circumstances.
CWE-122: Heap-based Buffer Overflow
From the researcher, the variable len that holds the length of a regular expression string is "enlarged to such an extent that, in the process of enlarging (multiplication and addition), causes the 32 bit register/variable to overflow." It may be possible for an attacker to use this overflow to change data in memory.
The complete impact of this vulnerability is not yet known. Since the library is utilized in different ways, the impact is likely to vary depending on vendor. In worst case, a malicious actor may be able to execute arbitrary code.
Apply an update
DragonFly BSD Project
Wind River Systems, Inc.
Check Point Software Technologies
Global Technology Associates, Inc.
Juniper Networks, Inc.
Blue Coat Systems
Cisco Systems, Inc.
D-Link Systems, Inc.
F5 Networks, Inc.
Force10 Networks, Inc.
Foundry Networks, Inc.
Mandriva S. A.
Palo Alto Networks
QNX Software Systems Inc.
Red Hat, Inc.
Slackware Linux Inc.
The PHP Group
TippingPoint Technologies Inc.
Watchguard Technologies, Inc.
This vulnerability was reported publicly by Guido Vranken.
This document was written by Garret Wassermann.
|Date First Published:||2015-02-13|
|Date Last Updated:||2015-02-27 13:52 UTC|