CNVD-2015-01461

Vulnerability from cnvd - Published: 2015-03-06
Title
Henry Spencer Regex Library 'regcomp.c' Heap-Based Buffer Overflow Vulnerability
Description
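Henry Spencer Regex Library is a regular expression library written in C, developed by Canadian software developer Henry Spencer. A buffer overflow vulnerability exists in Henry Spencer Regex Library. An attacker could exploit this vulnerability to perform unauthorized actions in the context of the affected application.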
Severity
Patch Name
Patch for the Henry Spencer Regex Library 'regcomp.c' buffer overflow vulnerability
Patch Description
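Henry Spencer Regex Library is a regular expression library written in C, developed by Canadian software developer Henry Spencer. A buffer overflow vulnerability exists in Henry Spencer Regex Library. An attacker could exploit this vulnerability to perform unauthorized actions in the context of the affected application. The vendor has released a security advisory and related patch information that fix this vulnerability.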
Formal description

The vendor has released an upgrade patch to fix this security issue. The patch is available at: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c

Reference
http://www.securityfocus.com/bid/72611
Impacted products
Name
Henry Spencer Henry Spencer Regex Library

{
  "bids": {
    "bid": {
      "bidNumber": "72611"
    }
  },
  "description": "Henry Spencer Regex Library\u662f\u52a0\u62ff\u5927\u8f6f\u4ef6\u5f00\u53d1\u8005Henry Spencer\u6240\u7814\u53d1\u7684\u4e00\u5957\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u8f6f\u4ef6\u5e93\u3002\r\n\r\nHenry Spencer Regex Library\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "discovererName": "Guido Vranken",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a      http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01461",
  "openTime": "2015-03-06",
  "patchDescription": "Henry Spencer Regex Library\u662f\u52a0\u62ff\u5927\u8f6f\u4ef6\u5f00\u53d1\u8005Henry Spencer\u6240\u7814\u53d1\u7684\u4e00\u5957\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u8f6f\u4ef6\u5e93\u3002\r\n\r\nHenry Spencer Regex Library\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Henry Spencer Regex Library\u2018regcomp.c\u2019\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Henry Spencer Henry Spencer Regex Library"
  },
  "referenceLink": "http://www.securityfocus.com/bid/72611",
  "serverity": "\u4e2d",
  "submitTime": "2015-03-05",
  "title": "Henry Spencer Regex Library\u2018regcomp.c\u2019\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

