Heap-based buffer overflow in Henry Spencer BSD regex library (rxspencer) alpha3.8.g5 on 32-bit platforms, allowing arbitrary code execution

CVE-2015-2305 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
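
The failure mode described above, modelled as an added example (not code from the library or from this advisory): the unchecked size calculation next to a checked one. It assumes the compiled-pattern buffer holds about 1.5 elements per pattern byte at 4 bytes per element, uses `uint32_t` to stand in for a 32-bit `size_t`, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of a 32-bit platform: size_t is 32 bits wide there, so uint32_t
 * reproduces the wraparound on any host. */
typedef uint32_t size32_t;

#define ELEM_SIZE 4u  /* assumed size of one compiled-program element */

/* Assumed sizing rule: element count is about 1.5x the pattern length. */
static size32_t elem_count(size32_t pattern_len) {
    return (size32_t)(pattern_len / 2u * 3u + 1u);
}

/* Unchecked: the byte count handed to the allocator; the multiply can wrap,
 * so the buffer ends up far smaller than the element count implies. */
size32_t alloc_bytes_unchecked(size32_t pattern_len) {
    return (size32_t)(elem_count(pattern_len) * ELEM_SIZE);
}

/* Checked: rejects any pattern whose buffer size does not fit in 32 bits. */
bool alloc_bytes_checked(size32_t pattern_len, size32_t *out_bytes) {
    size32_t count = elem_count(pattern_len);
    if (count < pattern_len)              /* count computation itself wrapped */
        return false;
    if (count > UINT32_MAX / ELEM_SIZE)   /* count * ELEM_SIZE would wrap */
        return false;
    *out_bytes = count * ELEM_SIZE;
    return true;
}

int main(void) {
    /* Constructed pattern lengths: one ordinary, one just past the wrap point. */
    size32_t lens[] = { 1000u, 715827884u };
    for (int i = 0; i < 2; i++) {
        size32_t bytes = 0;
        bool ok = alloc_bytes_checked(lens[i], &bytes);
        printf("len=%u unchecked_bytes=%u checked=%s\n", (unsigned)lens[i],
               (unsigned)alloc_bytes_unchecked(lens[i]), ok ? "ok" : "rejected");
    }
    return 0;
}
```

Under these assumptions the wrap only occurs for patterns of roughly 700 MB or more, which is why capping the accepted pattern length at the caller is also an effective mitigation.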
