Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 24, 2015
Statement Date: February 24, 2015
Not Affected
"Since all regcomp() calls are done with hard coded regular expressions – Check Point does not find our code exploitable by an attacker."
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 09, 2015
Statement Date: February 07, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 13, 2015
Statement Date: February 07, 2015
Affected
"DragonFly is 64-bit only now so the current release is not affected. However, older versions of DragonFly (prior to us going 64-bit only) are vulnerable. Despite the vulnerability I'm not sure I would classify this as a serious problem because it is highly unlikely that programs using the library would allow a 700MB+ pattern string in the first place. Patterns of that size certainly can't be passed on the command line due to OS exec argument buffer limitations. That said, we will commit a length check to avoid any possible overflow."
The vendor has patched the issue; the git log is available at the URL below:
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 27, 2015
Statement Date: February 27, 2015
Not Affected
"Fortinet products are not affected by the Henry Spencer regular expressions (regex) library heap overflow vulnerability."
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 09, 2015
Statement Date: February 06, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 09, 2015
Statement Date: February 09, 2015
Not Affected
"No GTA firewalls running any version of GB-OS are vulnerable to the H. Spencer Regex vulnerability VU#695940."
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 09, 2015
Statement Date: February 07, 2015
Not Affected
"As per our analysis of Junos OS, all our regcomp invocations happen with regular expressions hard coded in the source. We do not see any exploitable attack vector where an attacker can input or influence a regular expression."
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 09, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 09, 2015
Statement Date: February 07, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 09, 2015
Statement Date: February 06, 2015
Not Affected
"Since May 2014, we use the following int overflow avoiding construct: regcomp.c: p->strip = reallocarray(NULL, p->ssize, sizeof(sop)); Combined with the previous line, we believe this cannot attain int overflow."
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 06, 2015 Updated: February 09, 2015
Statement Date: February 09, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 06, 2015 Updated: February 06, 2015
Unknown
No statement is currently available from the vendor regarding this vulnerability.