CVE-2005-4872
PUBLISHED
CVSS 4.3 MEDIUM
Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
EPSS 1.48% · 81.4th percentile
Risk Scores
CVSS 2.0
4.3
EPSS Score
1.48%
81.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pcre | pcre | 0 |
| n/a | n/a | n/a |
Exploit Intelligence
- http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm (circl)
- MDVSA-2008:030 (circl)
- SUSE-SA:2008:004 (circl)
- 28658 (circl)
- 27773 (circl)
- 26462 (circl)
- RHSA-2007:1052 (circl)
- SUSE-SA:2007:062 (circl)
- http://www.pcre.org/changelog.txt (circl)
- 27869 (circl)
…and 3 more exploits
Timeline
- Dec 31, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- http://secunia.com/advisories/27869 url
- http://secunia.com/advisories/28658 url
- http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm url
- MDVSA-2008:030 vendor-advisory
- SUSE-SA:2008:004 vendor-advisory
- 27773 third-party-advisory
- 26462 vdb
- RHSA-2007:1052 vendor-advisory
- SUSE-SA:2007:062 vendor-advisory
- http://www.pcre.org/changelog.txt url
- oval:org.mitre.oval:def:11615 vdb
- 27582 third-party-advisory
- http://scary.beasts.org/security/CESA-2007-006.html url
- https://nvd.nist.gov/vuln/detail/CVE-2005-4872 advisory