Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components as demonstrated using the -be command line option which triggers an overflow in the host_aton function or (2) the -bh command line option or dnsdb PTR lookup which triggers an overflow in the dns_build_reverse function.
- CentOS Linux 4
- Oracle Linux 4
- Red Hat Enterprise Linux 4