1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200508-17 / libpcre |
| Release Date | August 25, 2005 |
| Latest Revision | August 25, 2005: 01 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-libs/libpcre | < 6.3 | >= 6.3 | All supported architectures |
Related bugreports: #103337
libpcre is vulnerable to a heap integer overflow, possibly leading to the execution of arbitrary code.
libpcre is a library providing functions for Perl-compatible regular expressions.
libpcre fails to check certain quantifier values in regular expressions for sane values.
An attacker could possibly exploit this vulnerability to execute arbitrary code by sending specially crafted regular expressions to applications making use of the libpcre library.
There is no known workaround at this time.
All libpcre users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-6.3"
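
To confirm whether a host still needs the upgrade, a version string can be checked against the advisory's table (< 6.3 vulnerable, >= 6.3 unaffected). The script below is an added example, not part of the original advisory. Its function names are hypothetical, and it handles only plain dotted versions with an optional Gentoo `-rN` revision; anything else is reported as `unknown`.

```shell
#!/bin/sh
# Added example: classify a libpcre version against GLSA 200508-17.
FIXED_VERSION="6.3"   # from the advisory table: unaffected >= 6.3

# Drop a trailing Gentoo revision ("6.2-r1" -> "6.2"). A revision never
# moves a version across the 6.3 boundary, so this is safe for this check.
strip_revision() {
    printf '%s\n' "$1" | sed 's/-r[0-9][0-9]*$//'
}

# version_lt A B: succeed when dotted numeric version A is lower than B.
# Components are compared as integers, so 6.10 is newer than 6.3.
version_lt() {
    a=$(strip_revision "$1")
    b=$(strip_revision "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}
        bx=${b%%.*}
        if [ "$a" = "$ax" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$bx" ]; then b=""; else b=${b#*.}; fi
        ax=${ax:-0}   # a missing component counts as 0 ("6" == "6.0")
        bx=${bx:-0}
        if [ "$ax" -lt "$bx" ]; then return 0; fi
        if [ "$ax" -gt "$bx" ]; then return 1; fi
    done
    return 1          # equal versions are not "less than"
}

# Print "vulnerable", "unaffected" or "unknown" for one version string.
classify_libpcre() {
    v=$(strip_revision "$1")
    case "$v" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# pcre-config is installed with PCRE; use it when present to check this host.
if command -v pcre-config >/dev/null 2>&1; then
    installed=$(pcre-config --version 2>/dev/null)
    echo "libpcre ${installed}: $(classify_libpcre "$installed")"
fi
```

Statically linked or bundled copies of PCRE inside other applications are not covered by this check and need to be reviewed separately.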