CVE Vulnerabilities

CVE-2015-2305

Integer Overflow or Wraparound

Published: Mar 30, 2015 | Modified: Aug 16, 2022
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
5.1 MODERATE
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

Weakness

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Affected Software

Name Vendor Start Version End Version
Rxspencer Rxspencer_project 3.8.g5 (including) 3.8.g5 (including)
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat php55-0:2.0-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat php55-php-0:5.5.21-2.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat php54-0:2.0-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat php54-php-0:5.4.40-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat php54-php-pecl-zendopcache-0:7.0.4-3.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS RedHat php55-0:2.0-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS RedHat php55-php-0:5.5.21-2.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS RedHat php54-0:2.0-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS RedHat php54-php-0:5.4.40-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS RedHat php54-php-pecl-zendopcache-0:7.0.4-3.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS RedHat php55-0:2.0-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS RedHat php55-php-0:5.5.21-2.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS RedHat php54-0:2.0-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS RedHat php54-php-0:5.4.40-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS RedHat php54-php-pecl-zendopcache-0:7.0.4-3.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat php55-0:2.0-1.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat php55-php-0:5.5.21-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat php54-0:2.0-1.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat php54-php-0:5.4.40-1.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat php54-php-pecl-zendopcache-0:7.0.4-3.el7 *
Clamav Ubuntu artful *
Clamav Ubuntu bionic *
Clamav Ubuntu cosmic *
Clamav Ubuntu devel *
Clamav Ubuntu disco *
Clamav Ubuntu eoan *
Clamav Ubuntu focal *
Clamav Ubuntu groovy *
Clamav Ubuntu hirsute *
Clamav Ubuntu impish *
Clamav Ubuntu jammy *
Clamav Ubuntu kinetic *
Clamav Ubuntu lucid *
Clamav Ubuntu lunar *
Clamav Ubuntu mantic *
Clamav Ubuntu noble *
Clamav Ubuntu oracular *
Clamav Ubuntu precise *
Clamav Ubuntu trusty *
Clamav Ubuntu upstream *
Clamav Ubuntu utopic *
Clamav Ubuntu vivid *
Clamav Ubuntu wily *
Clamav Ubuntu xenial *
Clamav Ubuntu yakkety *
Clamav Ubuntu zesty *
Librcsb-core-wrapper Ubuntu trusty *
Librcsb-core-wrapper Ubuntu upstream *
Librcsb-core-wrapper Ubuntu utopic *
Llvm-toolchain-3.4 Ubuntu precise *
Llvm-toolchain-3.4 Ubuntu trusty *
Llvm-toolchain-3.4 Ubuntu upstream *
Llvm-toolchain-3.4 Ubuntu utopic *
Llvm-toolchain-3.4 Ubuntu vivid *
Llvm-toolchain-3.4 Ubuntu wily *
Llvm-toolchain-3.5 Ubuntu utopic *
Llvm-toolchain-3.5 Ubuntu vivid *
Llvm-toolchain-3.6 Ubuntu upstream *
Llvm-toolchain-3.6 Ubuntu vivid *
Llvm-toolchain-3.6 Ubuntu vivid/stable-phone-overlay *
Llvm-toolchain-3.6 Ubuntu wily *
Llvm-toolchain-3.6 Ubuntu yakkety *
Llvm-toolchain-snapshot Ubuntu trusty *
Llvm-toolchain-snapshot Ubuntu upstream *
Newlib Ubuntu artful *
Newlib Ubuntu lucid *
Newlib Ubuntu precise *
Newlib Ubuntu upstream *
Newlib Ubuntu utopic *
Newlib Ubuntu vivid *
Newlib Ubuntu wily *
Newlib Ubuntu yakkety *
Newlib Ubuntu zesty *
Nvi Ubuntu artful *
Nvi Ubuntu esm-apps/xenial *
Nvi Ubuntu lucid *
Nvi Ubuntu precise *
Nvi Ubuntu trusty *
Nvi Ubuntu upstream *
Nvi Ubuntu utopic *
Nvi Ubuntu vivid *
Nvi Ubuntu wily *
Nvi Ubuntu xenial *
Nvi Ubuntu yakkety *
Nvi Ubuntu zesty *
Openrpt Ubuntu artful *
Openrpt Ubuntu bionic *
Openrpt Ubuntu cosmic *
Openrpt Ubuntu disco *
Openrpt Ubuntu eoan *
Openrpt Ubuntu esm-apps/bionic *
Openrpt Ubuntu esm-apps/xenial *
Openrpt Ubuntu trusty *
Openrpt Ubuntu upstream *
Openrpt Ubuntu utopic *
Openrpt Ubuntu vivid *
Openrpt Ubuntu wily *
Openrpt Ubuntu xenial *
Openrpt Ubuntu yakkety *
Openrpt Ubuntu zesty *
Php5 Ubuntu lucid *
Php5 Ubuntu precise *
Php5 Ubuntu trusty *
Php5 Ubuntu upstream *
Php5 Ubuntu utopic *
Php5 Ubuntu vivid *
Php5 Ubuntu wily *
Radare2 Ubuntu artful *
Radare2 Ubuntu esm-apps/xenial *
Radare2 Ubuntu lunar *
Radare2 Ubuntu precise *
Radare2 Ubuntu trusty *
Radare2 Ubuntu upstream *
Radare2 Ubuntu utopic *
Radare2 Ubuntu vivid *
Radare2 Ubuntu wily *
Radare2 Ubuntu xenial *
Radare2 Ubuntu yakkety *
Radare2 Ubuntu zesty *
Vigor Ubuntu lucid *
Vigor Ubuntu precise *
Vigor Ubuntu trusty *
Vigor Ubuntu upstream *
Vigor Ubuntu utopic *
Yap Ubuntu lucid *
Yap Ubuntu precise *
Yap Ubuntu trusty *
Yap Ubuntu upstream *
Yap Ubuntu utopic *

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
  • Understand the programming language’s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, “not-a-number” calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.

References