Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43 as originally obtained from Samba code and as called by the auth_spa_client function may allow attackers to execute arbitrary code during SPA authentication.
- Red Hat Enterprise Linux 4
- Oracle Linux 4
- CentOS Linux 4