Heap-based buffer overflow in PHP - CVE-2008-2371

 

Heap-based buffer overflow in PHP - CVE-2008-2371

Published: August 1, 2022 / Updated: June 8, 2025


Vulnerability identifier: #VU110340
CSH Severity: Medium
CVSS v4.0:
CVE-ID: CVE-2008-2371
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: PHP Group
Affected software:
PHP

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7. A remote attacker can use a regular expression that begins with an option and contains multiple branches. to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2008-2371

Install update from vendor's website.

Sources