CVE-2008-2371

EPSS 4.1%

pcre3 - heap-based buffer overflow

Published: 7/7/2008Modified: 3/9/2026

Also known as:DEBIAN-CVE-2008-2371DTSA-145-1

Description

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

Affected packages (3)

Debian/pcre3from 0, < 7.6-2.1
Debian/pcre3from 0, < 6.7+7.4-4
Debian/pcre3from 0, < 7.4-1+lenny2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-2371