DEBIAN-CVE-2015-2305

Advisory lineage Upstream: 1 Downstream: 3

Upstream

CVE-2015-2305

Downstream

DLA-233-1 DLA-444-1 DSA-3195-1

Published: 30 Mar 2015, 10:59

Last modified:28 Apr 2026, 20:14

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Mar 2015, 10:59

Published

Vulnerability first disclosed

28 Apr 2026, 20:14

Last Modified

Vulnerability information updated

Description

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

Affected Systems

debian•clamav
< 0.98.7+dfsg-1 | < 0.98.7+dfsg-1 | < 0.98.7+dfsg-1 | < 0.98.7+dfsg-1
debian•librcsb-core-wrapper
< 1.005-3 | < 1.005-3 | < 1.005-3 | < 1.005-3
debian•newlib
< 2.0.0-1 | < 2.0.0-1 | < 2.0.0-1 | < 2.0.0-1
debian•nvi
< 1.81.6-13 | < 1.81.6-13 | < 1.81.6-13 | < 1.81.6-13
debian•vigor
< 0.016-24 | < 0.016-24 | < 0.016-24 | < 0.016-24

References (1)

https://security-tracker.debian.org/tracker/CVE-2015-2305