ACCESS

Notified:  February 06, 2015 Updated: February 06, 2015

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    Alcatel-Lucent

    Notified:  February 06, 2015 Updated: February 06, 2015

    Status

      Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      Apple

      Notified:  February 06, 2015 Updated: February 06, 2015

      Status

        Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        Arch Linux

        Notified:  February 06, 2015 Updated: February 06, 2015

        Status

          Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          AT&T

          Notified:  February 06, 2015 Updated: February 06, 2015

          Status

            Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            Avaya, Inc.

            Notified:  February 06, 2015 Updated: February 06, 2015

            Status

              Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              Barracuda Networks

              Notified:  February 06, 2015 Updated: February 06, 2015

              Status

                Unknown

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor References

                Belkin, Inc.

                Notified:  February 06, 2015 Updated: February 06, 2015

                Status

                  Unknown

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor References

                  Blue Coat Systems

                  Notified:  February 06, 2015 Updated: February 06, 2015

                  Status

                    Unknown

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor References

                    CA Technologies

                    Notified:  February 06, 2015 Updated: February 06, 2015

                    Status

                      Unknown

                    Vendor Statement

                    No statement is currently available from the vendor regarding this vulnerability.

                    Vendor References

                      CentOS

                      Notified:  February 06, 2015 Updated: February 06, 2015

                      Status

                        Unknown

                      Vendor Statement

                      No statement is currently available from the vendor regarding this vulnerability.

                      Vendor References

                        Check Point Software Technologies

                        Notified:  February 06, 2015 Updated: February 24, 2015

                        Statement Date:   February 24, 2015

                        Status

                          Not Affected

                        Vendor Statement

                        "Since all regcomp() calls are done with hard coded regular expressions – Check Point does not find our code exploitable by an attacker."

                        Vendor Information

                        We are not aware of further vendor information regarding this vulnerability.

                        Cisco Systems, Inc.

                        Notified:  February 06, 2015 Updated: February 06, 2015

                        Status

                          Unknown

                        Vendor Statement

                        No statement is currently available from the vendor regarding this vulnerability.

                        Vendor References

                          Debian GNU/Linux

                          Notified:  February 06, 2015 Updated: February 09, 2015

                          Statement Date:   February 07, 2015

                          Status

                            Affected

                          Vendor Statement

                          No statement is currently available from the vendor regarding this vulnerability.

                          Vendor Information

                          We are not aware of further vendor information regarding this vulnerability.

                          DesktopBSD

                          Notified:  February 06, 2015 Updated: February 06, 2015

                          Status

                            Unknown

                          Vendor Statement

                          No statement is currently available from the vendor regarding this vulnerability.

                          Vendor References

                            D-Link Systems, Inc.

                            Notified:  February 06, 2015 Updated: February 06, 2015

                            Status

                              Unknown

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor References

                              DragonFly BSD Project

                              Notified:  February 06, 2015 Updated: February 13, 2015

                              Statement Date:   February 07, 2015

                              Status

                                Affected

                              Vendor Statement

                              "DragonFly is 64-bit only now so the current release is not affected.  However, older versions of DragonFly (prior to us going 64-bit only) are vulnerable.  Despite the vulnerability I'm not sure I would classify this as a serious problem because it is highly unlikely that programs using the library would allow a 700MB+ pattern string in the first place.  Patterns of that size certainly can't be passed on the command line due to OS exec argument buffer limitations. That said, we will commit a length check to avoid any possible overflow."

                              Vendor Information

                              The vendor has patched the issue; the git log is available at the URL below:

                              Vendor References

                              Enterasys Networks

                              Notified:  February 06, 2015 Updated: February 06, 2015

                              Status

                                Unknown

                              Vendor Statement

                              No statement is currently available from the vendor regarding this vulnerability.

                              Vendor References

                                Ericsson

                                Notified:  February 06, 2015 Updated: February 06, 2015

                                Status

                                  Unknown

                                Vendor Statement

                                No statement is currently available from the vendor regarding this vulnerability.

                                Vendor References

                                  eSoft, Inc.

                                  Notified:  February 06, 2015 Updated: February 06, 2015

                                  Status

                                    Unknown

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor References

                                    Extreme Networks

                                    Notified:  February 06, 2015 Updated: February 06, 2015

                                    Status

                                      Unknown

                                    Vendor Statement

                                    No statement is currently available from the vendor regarding this vulnerability.

                                    Vendor References

                                      F5 Networks, Inc.

                                      Notified:  February 06, 2015 Updated: February 06, 2015

                                      Status

                                        Unknown

                                      Vendor Statement

                                      No statement is currently available from the vendor regarding this vulnerability.

                                      Vendor References

                                        Fedora Project

                                        Notified:  February 06, 2015 Updated: February 06, 2015

                                        Status

                                          Unknown

                                        Vendor Statement

                                        No statement is currently available from the vendor regarding this vulnerability.

                                        Vendor References

                                          Force10 Networks, Inc.

                                          Notified:  February 06, 2015 Updated: February 06, 2015

                                          Status

                                            Unknown

                                          Vendor Statement

                                          No statement is currently available from the vendor regarding this vulnerability.

                                          Vendor References

                                            Fortinet, Inc.

                                            Notified:  February 06, 2015 Updated: February 27, 2015

                                            Statement Date:   February 27, 2015

                                            Status

                                              Not Affected

                                            Vendor Statement

                                            "Fortinet products are not affected by the Henry Spencer regular expressions (regex) library heap overflow vulnerability."

                                            Vendor Information

                                            We are not aware of further vendor information regarding this vulnerability.

                                            Foundry Networks, Inc.

                                            Notified:  February 06, 2015 Updated: February 06, 2015

                                            Status

                                              Unknown

                                            Vendor Statement

                                            No statement is currently available from the vendor regarding this vulnerability.

                                            Vendor References

                                              FreeBSD Project

                                              Notified:  February 06, 2015 Updated: February 09, 2015

                                              Statement Date:   February 06, 2015

                                              Status

                                                Affected

                                              Vendor Statement

                                              No statement is currently available from the vendor regarding this vulnerability.

                                              Vendor Information

                                              We are not aware of further vendor information regarding this vulnerability.

                                              Gentoo Linux

                                              Notified:  February 06, 2015 Updated: February 06, 2015

                                              Status

                                                Unknown

                                              Vendor Statement

                                              No statement is currently available from the vendor regarding this vulnerability.

                                              Vendor References

                                                Global Technology Associates, Inc.

                                                Notified:  February 06, 2015 Updated: February 09, 2015

                                                Statement Date:   February 09, 2015

                                                Status

                                                  Not Affected

                                                Vendor Statement

                                                "No GTA firewalls running any version of GB-OS are vulnerable to the H. Spencer Regex vulnerability VU#695940."

                                                Vendor Information

                                                We are not aware of further vendor information regarding this vulnerability.

                                                Google

                                                Notified:  February 06, 2015 Updated: February 06, 2015

                                                Status

                                                  Unknown

                                                Vendor Statement

                                                No statement is currently available from the vendor regarding this vulnerability.

                                                Vendor References

                                                  Hewlett-Packard Company

                                                  Notified:  February 06, 2015 Updated: February 06, 2015

                                                  Status

                                                    Unknown

                                                  Vendor Statement

                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                  Vendor References

                                                    Hitachi

                                                    Notified:  February 06, 2015 Updated: February 06, 2015

                                                    Status

                                                      Unknown

                                                    Vendor Statement

                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                    Vendor References

                                                      Huawei Technologies

                                                      Notified:  February 06, 2015 Updated: February 06, 2015

                                                      Status

                                                        Unknown

                                                      Vendor Statement

                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                      Vendor References

                                                        IBM Corporation

                                                        Notified:  February 06, 2015 Updated: February 06, 2015

                                                        Status

                                                          Unknown

                                                        Vendor Statement

                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                        Vendor References

                                                          IBM eServer

                                                          Notified:  February 06, 2015 Updated: February 06, 2015

                                                          Status

                                                            Unknown

                                                          Vendor Statement

                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                          Vendor References

                                                            Infoblox

                                                            Notified:  February 06, 2015 Updated: February 06, 2015

                                                            Status

                                                              Unknown

                                                            Vendor Statement

                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                            Vendor References

                                                              Intel Corporation

                                                              Notified:  February 06, 2015 Updated: February 06, 2015

                                                              Status

                                                                Unknown

                                                              Vendor Statement

                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                              Vendor References

                                                                Intoto

                                                                Notified:  February 06, 2015 Updated: February 06, 2015

                                                                Status

                                                                  Unknown

                                                                Vendor Statement

                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                Vendor References

                                                                  Juniper Networks, Inc.

                                                                  Notified:  February 06, 2015 Updated: February 09, 2015

                                                                  Statement Date:   February 07, 2015

                                                                  Status

                                                                    Not Affected

                                                                  Vendor Statement

                                                                  "As per our analysis of Junos OS, all our regcomp invocations happen with regular expressions hard coded in the source. We do not see any exploitable attack vector where an attacker can input or influence a regular expression."

                                                                  Vendor Information

                                                                  We are not aware of further vendor information regarding this vulnerability.

                                                                  m0n0wall

                                                                  Notified:  February 06, 2015 Updated: February 06, 2015

                                                                  Status

                                                                    Unknown

                                                                  Vendor Statement

                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                  Vendor References

                                                                    Mandriva S. A.

                                                                    Notified:  February 06, 2015 Updated: February 06, 2015

                                                                    Status

                                                                      Unknown

                                                                    Vendor Statement

                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                    Vendor References

                                                                      McAfee

                                                                      Notified:  February 06, 2015 Updated: February 06, 2015

                                                                      Status

                                                                        Unknown

                                                                      Vendor Statement

                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                      Vendor References

                                                                        Microsoft Corporation

                                                                        Notified:  February 06, 2015 Updated: February 06, 2015

                                                                        Status

                                                                          Unknown

                                                                        Vendor Statement

                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                        Vendor References

                                                                          MySQL

                                                                          Notified:  February 06, 2015 Updated: February 09, 2015

                                                                          Status

                                                                            Unknown

                                                                          Vendor Statement

                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                          Vendor Information

                                                                          We are not aware of further vendor information regarding this vulnerability.

                                                                          NetBSD

                                                                          Notified:  February 06, 2015 Updated: February 09, 2015

                                                                          Statement Date:   February 07, 2015

                                                                          Status

                                                                            Affected

                                                                          Vendor Statement

                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                          Vendor Information

                                                                          We are not aware of further vendor information regarding this vulnerability.

                                                                          netfilter

                                                                          Notified:  February 06, 2015 Updated: February 06, 2015

                                                                          Status

                                                                            Unknown

                                                                          Vendor Statement

                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                          Vendor References

                                                                            Nokia

                                                                            Notified:  February 06, 2015 Updated: February 06, 2015

                                                                            Status

                                                                              Unknown

                                                                            Vendor Statement

                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                            Vendor References

                                                                              Novell, Inc.

                                                                              Notified:  February 06, 2015 Updated: February 06, 2015

                                                                              Status

                                                                                Unknown

                                                                              Vendor Statement

                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                              Vendor References

                                                                                OmniTI

                                                                                Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                Status

                                                                                  Unknown

                                                                                Vendor Statement

                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                Vendor References

                                                                                  OpenBSD

                                                                                  Notified:  February 06, 2015 Updated: February 09, 2015

                                                                                  Statement Date:   February 06, 2015

                                                                                  Status

                                                                                    Not Affected

                                                                                  Vendor Statement

                                                                                  "Since May 2014, we use the following int overflow avoiding construct: regcomp.c: p->strip = reallocarray(NULL, p->ssize, sizeof(sop)); Combined with the previous line, we believe this cannot attain int overflow."

                                                                                  Vendor Information

                                                                                  We are not aware of further vendor information regarding this vulnerability.

                                                                                  openSUSE project

                                                                                  Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                  Status

                                                                                    Unknown

                                                                                  Vendor Statement

                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                  Vendor References

                                                                                    Openwall GNU/*/Linux

                                                                                    Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                    Status

                                                                                      Unknown

                                                                                    Vendor Statement

                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                    Vendor References

                                                                                      Palo Alto Networks

                                                                                      Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                      Status

                                                                                        Unknown

                                                                                      Vendor Statement

                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                      Vendor References

                                                                                        PC-BSD

                                                                                        Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                        Status

                                                                                          Unknown

                                                                                        Vendor Statement

                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                        Vendor References

                                                                                          Peplink

                                                                                          Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                          Status

                                                                                            Unknown

                                                                                          Vendor Statement

                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                          Vendor References

                                                                                            Process Software

                                                                                            Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                            Status

                                                                                              Unknown

                                                                                            Vendor Statement

                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                            Vendor References

                                                                                              Q1 Labs

                                                                                              Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                              Status

                                                                                                Unknown

                                                                                              Vendor Statement

                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                              Vendor References

                                                                                                QNX Software Systems Inc.

                                                                                                Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                Status

                                                                                                  Unknown

                                                                                                Vendor Statement

                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                Vendor References

                                                                                                  Quagga

                                                                                                  Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                  Status

                                                                                                    Unknown

                                                                                                  Vendor Statement

                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                  Vendor References

                                                                                                    Red Hat, Inc.

                                                                                                    Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                    Status

                                                                                                      Unknown

                                                                                                    Vendor Statement

                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                    Vendor References

                                                                                                      SafeNet

                                                                                                      Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                      Status

                                                                                                        Unknown

                                                                                                      Vendor Statement

                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                      Vendor References

                                                                                                        Slackware Linux Inc.

                                                                                                        Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                        Status

                                                                                                          Unknown

                                                                                                        Vendor Statement

                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                        Vendor References

                                                                                                          SmoothWall

                                                                                                          Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                          Status

                                                                                                            Unknown

                                                                                                          Vendor Statement

                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                          Vendor References

                                                                                                            Snort

                                                                                                            Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                            Status

                                                                                                              Unknown

                                                                                                            Vendor Statement

                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                            Vendor References

                                                                                                              Sourcefire

                                                                                                              Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                              Status

                                                                                                                Unknown

                                                                                                              Vendor Statement

                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                              Vendor References

                                                                                                                Stonesoft

                                                                                                                Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                Status

                                                                                                                  Unknown

                                                                                                                Vendor Statement

                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                Vendor References

                                                                                                                  SUSE Linux

                                                                                                                  Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                  Status

                                                                                                                    Unknown

                                                                                                                  Vendor Statement

                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                  Vendor References

                                                                                                                    Symantec

                                                                                                                    Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                    Status

                                                                                                                      Unknown

                                                                                                                    Vendor Statement

                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                    Vendor References

                                                                                                                      The PHP Group

                                                                                                                      Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                      Status

                                                                                                                        Unknown

                                                                                                                      Vendor Statement

                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                      Vendor References

                                                                                                                        TippingPoint Technologies Inc.

                                                                                                                        Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                        Status

                                                                                                                          Unknown

                                                                                                                        Vendor Statement

                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                        Vendor References

                                                                                                                          Turbolinux

                                                                                                                          Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                          Status

                                                                                                                            Unknown

                                                                                                                          Vendor Statement

                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                          Vendor References

                                                                                                                            Ubuntu

                                                                                                                            Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                            Status

                                                                                                                              Unknown

                                                                                                                            Vendor Statement

                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                            Vendor References

                                                                                                                              VMware

                                                                                                                              Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                              Status

                                                                                                                                Unknown

                                                                                                                              Vendor Statement

                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                              Vendor References

                                                                                                                                Vyatta

                                                                                                                                Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                                Status

                                                                                                                                  Unknown

                                                                                                                                Vendor Statement

                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                Vendor References

                                                                                                                                  Watchguard Technologies, Inc.

                                                                                                                                  Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                                  Status

                                                                                                                                    Unknown

                                                                                                                                  Vendor Statement

                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                  Vendor References

                                                                                                                                    Wind River Systems, Inc.

                                                                                                                                    Notified:  February 06, 2015 Updated: February 09, 2015

                                                                                                                                    Statement Date:   February 09, 2015

                                                                                                                                    Status

                                                                                                                                      Affected

                                                                                                                                    Vendor Statement

                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                    Vendor Information

                                                                                                                                    We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                    ZyXEL

                                                                                                                                    Notified:  February 06, 2015 Updated: February 06, 2015

                                                                                                                                    Status

                                                                                                                                      Unknown

                                                                                                                                    Vendor Statement

                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                    Vendor References

                                                                                                                                      View all 77 vendors View less vendors