CVE-2008-2371
pcre3 - heap-based buffer overflow
EPSS 4.1%
Description
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
How to fix CVE-2008-2371
To remediate CVE-2008-2371, upgrade the affected package to one of the fixed versions listed below.
- Debian/pcre3—upgrade to 7.6-2.1 or later
- Debian/pcre3—upgrade to 6.7+7.4-4 or later
- —upgrade to 7.4-1+lenny2 or later
Is CVE-2008-2371 being exploited?
Low — EPSS is 4.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 7.6-2.1
- from 0, < 6.7+7.4-4
- from 0, < 7.4-1+lenny2