Vulnerabilites related to pcre - pcre
CVE-2007-1659 (GCVE-0-2007-1659)
Vulnerability from cvelistv5
Published
2007-11-07 20:00
Modified
2024-08-07 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "MDKSA-2007:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"name": "27965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27965"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SR:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27547"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27543"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "pcre-regex-code-execution(38272)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38272"
},
{
"name": "RHSA-2007:1068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "28041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "1018895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018895"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "RHSA-2007:0967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "oval:org.mitre.oval:def:9725",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725"
},
{
"name": "27598",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27598"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched \"\\Q\\E\" sequences with orphan \"\\E\" codes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "MDKSA-2007:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"name": "27965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27965"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SR:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27547"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27543"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "pcre-regex-code-execution(38272)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38272"
},
{
"name": "RHSA-2007:1068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "28041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "1018895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018895"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "RHSA-2007:0967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "oval:org.mitre.oval:def:9725",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725"
},
{
"name": "27598",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27598"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched \"\\Q\\E\" sequences with orphan \"\\E\" codes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30219"
},
{
"name": "MDKSA-2007:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"name": "27965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27965"
},
{
"name": "29267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "MDVSA-2008:030",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "DSA-1570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1738",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "28658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SR:2007:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27547"
},
{
"name": "27543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27543"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "pcre-regex-code-execution(38272)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38272"
},
{
"name": "RHSA-2007:1068",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name": "GLSA-200805-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "28041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28041"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "1018895",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018895"
},
{
"name": "ADV-2007-3725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"name": "http://www.pcre.org/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30155"
},
{
"name": "RHSA-2007:0967",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"name": "28720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "oval:org.mitre.oval:def:9725",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725"
},
{
"name": "27598",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27598"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1659",
"datePublished": "2007-11-07T20:00:00",
"dateReserved": "2007-03-24T00:00:00",
"dateUpdated": "2024-08-07T13:06:25.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2491 (GCVE-0-2005-2491)
Vulnerability from cvelistv5
Published
2005-08-22 04:00
Modified
2024-08-07 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenPKG-SA-2005.018",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112606064317223\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf"
},
{
"name": "22691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22691"
},
{
"name": "17813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17813"
},
{
"name": "ADV-2006-4502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name": "GLSA-200509-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "14620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14620"
},
{
"name": "ADV-2005-2659",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2659"
},
{
"name": "FLSA:168516",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427046/100/0/threaded"
},
{
"name": "GLSA-200509-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml"
},
{
"name": "TSLSA-2005-0059",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"name": "22875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22875"
},
{
"name": "SSRT061238",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"name": "SSRT090208",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "HPSBMA02159",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"name": "oval:org.mitre.oval:def:1659",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html"
},
{
"name": "SUSE-SA:2005:051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112605112027335\u0026w=2"
},
{
"name": "16502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16502"
},
{
"name": "SSRT051251",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"name": "21522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21522"
},
{
"name": "16679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16679"
},
{
"name": "DSA-817",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-817"
},
{
"name": "GLSA-200508-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml"
},
{
"name": "ADV-2005-1511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1511"
},
{
"name": "604",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/604"
},
{
"name": "1014744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014744"
},
{
"name": "HPSBUX02074",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf"
},
{
"name": "APPLE-SA-2005-11-29",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=302847"
},
{
"name": "RHSA-2005:761",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-761.html"
},
{
"name": "SUSE-SA:2005:049",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_49_php.html"
},
{
"name": "DSA-819",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-819"
},
{
"name": "ADV-2006-4320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4320"
},
{
"name": "RHSA-2005:358",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-358.html"
},
{
"name": "oval:org.mitre.oval:def:1496",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496"
},
{
"name": "DSA-821",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-821"
},
{
"name": "HPSBOV02683",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "19072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19072"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/release_4_4_1.php"
},
{
"name": "GLSA-200509-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml"
},
{
"name": "oval:org.mitre.oval:def:11516",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516"
},
{
"name": "17252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17252"
},
{
"name": "GLSA-200509-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml"
},
{
"name": "SUSE-SA:2005:052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_52_apache2.html"
},
{
"name": "oval:org.mitre.oval:def:735",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735"
},
{
"name": "15647",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm"
},
{
"name": "DSA-800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-800"
},
{
"name": "19193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19193"
},
{
"name": "SCOSA-2006.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"name": "102198",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1"
},
{
"name": "SUSE-SA:2005:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_48_pcre.html"
},
{
"name": "RHSA-2006:0197",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0197.html"
},
{
"name": "ADV-2006-0789",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0789"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:09:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "OpenPKG-SA-2005.018",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112606064317223\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf"
},
{
"name": "22691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22691"
},
{
"name": "17813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17813"
},
{
"name": "ADV-2006-4502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name": "GLSA-200509-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "14620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14620"
},
{
"name": "ADV-2005-2659",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2659"
},
{
"name": "FLSA:168516",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/427046/100/0/threaded"
},
{
"name": "GLSA-200509-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml"
},
{
"name": "TSLSA-2005-0059",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"name": "22875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22875"
},
{
"name": "SSRT061238",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"name": "SSRT090208",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "HPSBMA02159",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"name": "oval:org.mitre.oval:def:1659",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html"
},
{
"name": "SUSE-SA:2005:051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112605112027335\u0026w=2"
},
{
"name": "16502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16502"
},
{
"name": "SSRT051251",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"name": "21522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21522"
},
{
"name": "16679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16679"
},
{
"name": "DSA-817",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-817"
},
{
"name": "GLSA-200508-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml"
},
{
"name": "ADV-2005-1511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1511"
},
{
"name": "604",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/604"
},
{
"name": "1014744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014744"
},
{
"name": "HPSBUX02074",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf"
},
{
"name": "APPLE-SA-2005-11-29",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://docs.info.apple.com/article.html?artnum=302847"
},
{
"name": "RHSA-2005:761",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-761.html"
},
{
"name": "SUSE-SA:2005:049",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_49_php.html"
},
{
"name": "DSA-819",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-819"
},
{
"name": "ADV-2006-4320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4320"
},
{
"name": "RHSA-2005:358",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-358.html"
},
{
"name": "oval:org.mitre.oval:def:1496",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496"
},
{
"name": "DSA-821",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-821"
},
{
"name": "HPSBOV02683",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "19072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19072"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/release_4_4_1.php"
},
{
"name": "GLSA-200509-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml"
},
{
"name": "oval:org.mitre.oval:def:11516",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516"
},
{
"name": "17252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17252"
},
{
"name": "GLSA-200509-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml"
},
{
"name": "SUSE-SA:2005:052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_52_apache2.html"
},
{
"name": "oval:org.mitre.oval:def:735",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735"
},
{
"name": "15647",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm"
},
{
"name": "DSA-800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-800"
},
{
"name": "19193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19193"
},
{
"name": "SCOSA-2006.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"name": "102198",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1"
},
{
"name": "SUSE-SA:2005:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_48_pcre.html"
},
{
"name": "RHSA-2006:0197",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0197.html"
},
{
"name": "ADV-2006-0789",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0789"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2491",
"datePublished": "2005-08-22T04:00:00",
"dateReserved": "2005-08-08T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4767 (GCVE-0-2007-4767)
Vulnerability from cvelistv5
Published
2007-11-07 20:00
Modified
2024-08-07 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "pcre-p-sequence-bo(38277)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38277"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \\p sequence, (2) a \\P sequence, or (3) a \\P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "pcre-p-sequence-bo(38277)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38277"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \\p sequence, (2) a \\P sequence, or (3) a \\P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30219"
},
{
"name": "29267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "DSA-1570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "https://issues.rpath.com/browse/RPL-1738",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "27773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "27543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "ADV-2007-3725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"name": "http://www.pcre.org/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30155"
},
{
"name": "pcre-p-sequence-bo(38277)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38277"
},
{
"name": "28720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4767",
"datePublished": "2007-11-07T20:00:00",
"dateReserved": "2007-09-10T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7245 (GCVE-0-2017-7245)
Vulnerability from cvelistv5
Published
2017-03-23 21:00
Modified
2024-08-05 15:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97067"
},
{
"name": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7245",
"datePublished": "2017-03-23T21:00:00",
"dateReserved": "2017-03-23T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2328 (GCVE-0-2015-2328)
Vulnerability from cvelistv5
Published
2015-12-02 01:00
Modified
2024-08-06 05:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "74924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74924"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-VD-15-014/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/SERVER-17252"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1515"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "74924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74924"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/advisory/FG-VD-15-014/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.mongodb.org/browse/SERVER-17252"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1515"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "74924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74924"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "http://www.fortiguard.com/advisory/FG-VD-15-014/",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FG-VD-15-014/"
},
{
"name": "https://jira.mongodb.org/browse/SERVER-17252",
"refsource": "CONFIRM",
"url": "https://jira.mongodb.org/browse/SERVER-17252"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1515",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=1515"
},
{
"name": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"refsource": "CONFIRM",
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2328",
"datePublished": "2015-12-02T01:00:00",
"dateReserved": "2015-03-18T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8964 (GCVE-0-2014-8964)
Vulnerability from cvelistv5
Published
2014-12-16 18:00
Modified
2024-08-06 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-17624",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html"
},
{
"name": "openSUSE-SU-2015:0858",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "71206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.exim.org/viewvc/pcre?view=revision\u0026revision=1513"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0534.html"
},
{
"name": "FEDORA-2014-17642",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html"
},
{
"name": "FEDORA-2014-15573",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html"
},
{
"name": "[oss-security] 20141121 Re: CVE request: heap buffer overflow in PCRE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/21/6"
},
{
"name": "RHSA-2015:0330",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0330.html"
},
{
"name": "FEDORA-2014-17626",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html"
},
{
"name": "MDVSA-2015:002",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:002"
},
{
"name": "MDVSA-2015:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:137"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166147"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.exim.org/show_bug.cgi?id=1546"
},
{
"name": "GLSA-201607-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2014-17624",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html"
},
{
"name": "openSUSE-SU-2015:0858",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "71206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.exim.org/viewvc/pcre?view=revision\u0026revision=1513"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0534.html"
},
{
"name": "FEDORA-2014-17642",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html"
},
{
"name": "FEDORA-2014-15573",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html"
},
{
"name": "[oss-security] 20141121 Re: CVE request: heap buffer overflow in PCRE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/21/6"
},
{
"name": "RHSA-2015:0330",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0330.html"
},
{
"name": "FEDORA-2014-17626",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html"
},
{
"name": "MDVSA-2015:002",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:002"
},
{
"name": "MDVSA-2015:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:137"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166147"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.exim.org/show_bug.cgi?id=1546"
},
{
"name": "GLSA-201607-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-17624",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html"
},
{
"name": "openSUSE-SU-2015:0858",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "71206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71206"
},
{
"name": "http://www.exim.org/viewvc/pcre?view=revision\u0026revision=1513",
"refsource": "CONFIRM",
"url": "http://www.exim.org/viewvc/pcre?view=revision\u0026revision=1513"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0534.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0534.html"
},
{
"name": "FEDORA-2014-17642",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html"
},
{
"name": "FEDORA-2014-15573",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html"
},
{
"name": "[oss-security] 20141121 Re: CVE request: heap buffer overflow in PCRE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/21/6"
},
{
"name": "RHSA-2015:0330",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0330.html"
},
{
"name": "FEDORA-2014-17626",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html"
},
{
"name": "MDVSA-2015:002",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:002"
},
{
"name": "MDVSA-2015:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:137"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1166147",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166147"
},
{
"name": "http://bugs.exim.org/show_bug.cgi?id=1546",
"refsource": "CONFIRM",
"url": "http://bugs.exim.org/show_bug.cgi?id=1546"
},
{
"name": "GLSA-201607-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8964",
"datePublished": "2014-12-16T18:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T13:33:12.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1660 (GCVE-0-2007-1660)
Vulnerability from cvelistv5
Published
2007-11-07 20:00
Modified
2024-08-07 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "MDKSA-2007:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"name": "27965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27965"
},
{
"name": "27776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27776"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "RHSA-2007:0968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0968.html"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "RHSA-2008:0546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name": "27862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27862"
},
{
"name": "oval:org.mitre.oval:def:10562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "pcre-character-class-dos(38273)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38273"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"name": "RHSA-2007:1065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"
},
{
"name": "31124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31124"
},
{
"name": "SUSE-SR:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27547"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27543"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm"
},
{
"name": "29785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29785"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "ADV-2008-1234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"name": "MDKSA-2007:213",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "1018895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018895"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "RHSA-2007:1063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"
},
{
"name": "RHSA-2007:0967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=315881"
},
{
"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"name": "27598",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27598"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified \"multiple forms of character class\", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "MDKSA-2007:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"name": "27965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27965"
},
{
"name": "27776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27776"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "RHSA-2007:0968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0968.html"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "RHSA-2008:0546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name": "27862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27862"
},
{
"name": "oval:org.mitre.oval:def:10562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "pcre-character-class-dos(38273)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38273"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"name": "RHSA-2007:1065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"
},
{
"name": "31124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31124"
},
{
"name": "SUSE-SR:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27547"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27543"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm"
},
{
"name": "29785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29785"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "ADV-2008-1234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"name": "MDKSA-2007:213",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "1018895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018895"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "RHSA-2007:1063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"
},
{
"name": "RHSA-2007:0967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=315881"
},
{
"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"name": "27598",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27598"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified \"multiple forms of character class\", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30219"
},
{
"name": "MDKSA-2007:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"name": "27965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27965"
},
{
"name": "27776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27776"
},
{
"name": "USN-547-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "RHSA-2007:0968",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0968.html"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "RHSA-2008:0546",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name": "27862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27862"
},
{
"name": "oval:org.mitre.oval:def:10562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562"
},
{
"name": "DSA-1570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1738",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "28658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27697"
},
{
"name": "pcre-character-class-dos(38273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38273"
},
{
"name": "28406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"name": "RHSA-2007:1065",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"
},
{
"name": "31124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31124"
},
{
"name": "SUSE-SR:2007:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27547"
},
{
"name": "27543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27543"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm"
},
{
"name": "29785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29785"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "ADV-2008-1234",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"name": "MDKSA-2007:213",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:213"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "1018895",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018895"
},
{
"name": "ADV-2007-3725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30155"
},
{
"name": "RHSA-2007:1063",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"
},
{
"name": "RHSA-2007:0967",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"name": "28720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=315881",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=315881"
},
{
"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"name": "27598",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27598"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1660",
"datePublished": "2007-11-07T20:00:00",
"dateReserved": "2007-03-24T00:00:00",
"dateUpdated": "2024-08-07T13:06:25.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4766 (GCVE-0-2007-4766)
Vulnerability from cvelistv5
Published
2007-11-07 20:00
Modified
2024-08-07 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "pcre-escape-sequence-overflow(38276)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38276"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "pcre-escape-sequence-overflow(38276)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38276"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30219"
},
{
"name": "29267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "DSA-1570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "https://issues.rpath.com/browse/RPL-1738",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "27773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27773"
},
{
"name": "27697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "pcre-escape-sequence-overflow(38276)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38276"
},
{
"name": "27543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "ADV-2007-3725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "SUSE-SA:2007:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"name": "http://www.pcre.org/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4766",
"datePublished": "2007-11-07T20:00:00",
"dateReserved": "2007-09-10T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3217 (GCVE-0-2015-3217)
Vulnerability from cvelistv5
Published
2016-12-13 16:00
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1638"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
},
{
"name": "75018",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1638"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
},
{
"name": "75018",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1132",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566",
"refsource": "CONFIRM",
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1638",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=1638"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "[oss-security] 20150603 CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
},
{
"name": "75018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3217",
"datePublished": "2016-12-13T16:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7227 (GCVE-0-2006-7227)
Vulnerability from cvelistv5
Published
2007-11-14 21:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "oval:org.mitre.oval:def:10408",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "26462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26462"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "RHSA-2007:1052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "27869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27869"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "27582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27582"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "oval:org.mitre.oval:def:10408",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "26462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26462"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "RHSA-2007:1052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "27869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27869"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "27582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27582"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28714"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-7227",
"datePublished": "2007-11-14T21:00:00",
"dateReserved": "2007-11-14T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1662 (GCVE-0-2007-1662)
Vulnerability from cvelistv5
Published
2007-11-07 20:00
Modified
2024-08-07 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "pcre-unmatched-dos(38275)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38275"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "pcre-unmatched-dos(38275)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38275"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30219"
},
{
"name": "29267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "pcre-unmatched-dos(38275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38275"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "DSA-1570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "https://issues.rpath.com/browse/RPL-1738",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "27697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "27543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "FEDORA-2008-1842",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "ADV-2007-3725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "http://www.pcre.org/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "DSA-1399",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1662",
"datePublished": "2007-11-07T20:00:00",
"dateReserved": "2007-03-24T00:00:00",
"dateUpdated": "2024-08-07T13:06:25.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7246 (GCVE-0-2017-7246)
Vulnerability from cvelistv5
Published
2017-03-23 21:00
Modified
2024-08-05 15:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97067"
},
{
"name": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7246",
"datePublished": "2017-03-23T21:00:00",
"dateReserved": "2017-03-23T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11164 (GCVE-0-2017-11164)
Vulnerability from cvelistv5
Published
2017-07-11 00:00
Modified
2024-08-05 17:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99575",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99575"
},
{
"tags": [
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/07/11/3"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[oss-security] 20230411 CVE-2017-11164 - stack exhaustion in PCRE",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/11/1"
},
{
"name": "[oss-security] 20230412 Re: CVE-2017-11164 - stack exhaustion in PCRE",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/12/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99575",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/99575"
},
{
"url": "http://openwall.com/lists/oss-security/2017/07/11/3"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[oss-security] 20230411 CVE-2017-11164 - stack exhaustion in PCRE",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/11/1"
},
{
"name": "[oss-security] 20230412 Re: CVE-2017-11164 - stack exhaustion in PCRE",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/12/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11164",
"datePublished": "2017-07-11T00:00:00",
"dateReserved": "2017-07-10T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7186 (GCVE-0-2017-7186)
Vulnerability from cvelistv5
Published
2017-03-20 00:00
Modified
2024-08-05 15:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2052"
},
{
"name": "GLSA-201710-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
},
{
"name": "97030",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97030"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2052"
},
{
"name": "GLSA-201710-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
},
{
"name": "97030",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97030"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.exim.org/show_bug.cgi?id=2052",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=2052"
},
{
"name": "GLSA-201710-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-09"
},
{
"name": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date",
"refsource": "CONFIRM",
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
},
{
"name": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date",
"refsource": "CONFIRM",
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
},
{
"name": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date",
"refsource": "CONFIRM",
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
},
{
"name": "97030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97030"
},
{
"name": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
},
{
"name": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date",
"refsource": "CONFIRM",
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7186",
"datePublished": "2017-03-20T00:00:00",
"dateReserved": "2017-03-19T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7230 (GCVE-0-2006-7230)
Vulnerability from cvelistv5
Published
2007-11-15 19:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=384801"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name": "RHSA-2007:1068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "oval:org.mitre.oval:def:10911",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911"
},
{
"name": "RHSA-2007:1059",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"name": "26550",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26550"
},
{
"name": "28041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28041"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=384801"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name": "RHSA-2007:1068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "oval:org.mitre.oval:def:10911",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911"
},
{
"name": "RHSA-2007:1059",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"name": "26550",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26550"
},
{
"name": "28041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28041"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28714"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-7230",
"datePublished": "2007-11-15T19:00:00",
"dateReserved": "2007-11-15T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4872 (GCVE-0-2005-4872)
Vulnerability from cvelistv5
Published
2007-11-14 21:00
Modified
2024-08-08 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "26462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26462"
},
{
"name": "RHSA-2007:1052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "27869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27869"
},
{
"name": "oval:org.mitre.oval:def:11615",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11615"
},
{
"name": "27582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27582"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "26462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26462"
},
{
"name": "RHSA-2007:1052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "27869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27869"
},
{
"name": "oval:org.mitre.oval:def:11615",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11615"
},
{
"name": "27582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27582"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-4872",
"datePublished": "2007-11-14T21:00:00",
"dateReserved": "2007-11-14T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2371 (GCVE-0-2008-2371)
Vulnerability from cvelistv5
Published
2008-07-07 23:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2005",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2005"
},
{
"name": "MDVSA-2008:147",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32746"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=228091"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "ADV-2008-2006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2006"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "SSRT090085",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "30972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30972"
},
{
"name": "USN-624-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-624-2"
},
{
"name": "32454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32454"
},
{
"name": "30944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30944"
},
{
"name": "30958",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30958"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "39300",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39300"
},
{
"name": "FEDORA-2008-6025",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes"
},
{
"name": "USN-624-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-624-1"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "ADV-2010-0833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0833"
},
{
"name": "FEDORA-2008-6048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html"
},
{
"name": "MDVSA-2009:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31200"
},
{
"name": "30916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30916"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "30961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30961"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "30087",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30087"
},
{
"name": "30990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30990"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "DSA-1602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1602"
},
{
"name": "HPSBUX02431",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "ADV-2008-2336",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2336"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "30945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30945"
},
{
"name": "GLSA-200807-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "20081027 rPSA-2008-0305-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497828/100/0/threaded"
},
{
"name": "35650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35650"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2008-2005",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2005"
},
{
"name": "MDVSA-2008:147",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32746"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=228091"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "ADV-2008-2006",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2006"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "SSRT090085",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "30972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30972"
},
{
"name": "USN-624-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-624-2"
},
{
"name": "32454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32454"
},
{
"name": "30944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30944"
},
{
"name": "30958",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30958"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "USN-628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "39300",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39300"
},
{
"name": "FEDORA-2008-6025",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes"
},
{
"name": "USN-624-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-624-1"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "ADV-2010-0833",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0833"
},
{
"name": "FEDORA-2008-6048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html"
},
{
"name": "MDVSA-2009:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"name": "31200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31200"
},
{
"name": "30916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30916"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "30961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30961"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "30087",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30087"
},
{
"name": "30990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30990"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "DSA-1602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1602"
},
{
"name": "HPSBUX02431",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "ADV-2008-2336",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2336"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "30945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30945"
},
{
"name": "GLSA-200807-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "20081027 rPSA-2008-0305-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497828/100/0/threaded"
},
{
"name": "35650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35650"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2371",
"datePublished": "2008-07-07T23:00:00",
"dateReserved": "2008-05-21T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8391 (GCVE-0-2015-8391)
Vulnerability from cvelistv5
Published
2015-12-02 00:00
Modified
2024-08-06 08:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "82990",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/82990"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "FEDORA-2015-eb896290d3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"tags": [
"x_transferred"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
},
{
"name": "GLSA-201607-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20151128 Re: Heap Overflow in PCRE",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "82990",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/82990"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "FEDORA-2015-eb896290d3",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
},
{
"name": "GLSA-201607-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201607-02"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8391",
"datePublished": "2015-12-02T00:00:00",
"dateReserved": "2015-12-01T00:00:00",
"dateUpdated": "2024-08-06T08:13:32.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1283 (GCVE-0-2016-1283)
Vulnerability from cvelistv5
Published
2016-01-03 00:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1767"
},
{
"name": "SSA:2016-172-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.343110"
},
{
"name": "79825",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79825"
},
{
"name": "FEDORA-2016-f5af8e27ce",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html"
},
{
"name": "FEDORA-2016-65833b5dbc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2017-14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"name": "1034555",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034555"
},
{
"name": "GLSA-201607-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\\\"){99}-))(?J)(?\u0027R\u0027(?\u0027R\u0027\u003c((?\u0027RR\u0027(?\u0027R\u0027\\){97)?J)?J)(?\u0027R\u0027(?\u0027R\u0027\\){99|(:(?|(?\u0027R\u0027)(\\k\u0027R\u0027)|((?\u0027R\u0027)))H\u0027R\u0027R)(H\u0027R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1767"
},
{
"name": "SSA:2016-172-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.343110"
},
{
"name": "79825",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79825"
},
{
"name": "FEDORA-2016-f5af8e27ce",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html"
},
{
"name": "FEDORA-2016-65833b5dbc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2017-14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"name": "1034555",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034555"
},
{
"name": "GLSA-201607-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\\\"){99}-))(?J)(?\u0027R\u0027(?\u0027R\u0027\u003c((?\u0027RR\u0027(?\u0027R\u0027\\){97)?J)?J)(?\u0027R\u0027(?\u0027R\u0027\\){99|(:(?|(?\u0027R\u0027)(\\k\u0027R\u0027)|((?\u0027R\u0027)))H\u0027R\u0027R)(H\u0027R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1132",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1767",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=1767"
},
{
"name": "SSA:2016-172-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.343110"
},
{
"name": "79825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79825"
},
{
"name": "FEDORA-2016-f5af8e27ce",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html"
},
{
"name": "FEDORA-2016-65833b5dbc",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://www.tenable.com/security/tns-2016-18",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "https://www.tenable.com/security/tns-2017-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-14"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa128",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"name": "1034555",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034555"
},
{
"name": "GLSA-201607-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1283",
"datePublished": "2016-01-03T00:00:00",
"dateReserved": "2016-01-02T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0674 (GCVE-0-2008-0674)
Vulnerability from cvelistv5
Published
2008-02-18 22:00
Modified
2024-08-07 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:22.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3757"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-1533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html"
},
{
"name": "28923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28923"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29048"
},
{
"name": "GLSA-200803-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-24.xml"
},
{
"name": "DSA-1499",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1499"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news"
},
{
"name": "28957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28957"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "36096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36096"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "29027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29027"
},
{
"name": "29282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29282"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "28960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28960"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "20080228 rPSA-2008-0086-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488927/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "28996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28996"
},
{
"name": "APPLE-SA-2009-08-05-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086"
},
{
"name": "MDVSA-2008:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:053"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "ADV-2008-0592",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0592"
},
{
"name": "pcre-characterclass-bo(40505)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40505"
},
{
"name": "29175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29175"
},
{
"name": "1022674",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022674"
},
{
"name": "28985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28985"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "27786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pcre.org/changelog.txt"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "FEDORA-2008-1783",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html"
},
{
"name": "USN-581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/581-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2223"
},
{
"name": "ADV-2008-0570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0570"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "ADV-2009-2172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2172"
},
{
"name": "TA09-218A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0086"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "ADV-2008-1412",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3757"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-1533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html"
},
{
"name": "28923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28923"
},
{
"name": "32746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32746"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29048"
},
{
"name": "GLSA-200803-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-24.xml"
},
{
"name": "DSA-1499",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1499"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news"
},
{
"name": "28957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28957"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "36096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36096"
},
{
"name": "29009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "29027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29027"
},
{
"name": "29282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29282"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "28960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28960"
},
{
"name": "30345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30345"
},
{
"name": "20080228 rPSA-2008-0086-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488927/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "28996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28996"
},
{
"name": "APPLE-SA-2009-08-05-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086"
},
{
"name": "MDVSA-2008:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:053"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "ADV-2008-0592",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0592"
},
{
"name": "pcre-characterclass-bo(40505)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40505"
},
{
"name": "29175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29175"
},
{
"name": "1022674",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022674"
},
{
"name": "28985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28985"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "27786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pcre.org/changelog.txt"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "FEDORA-2008-1783",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html"
},
{
"name": "USN-581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/581-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2223"
},
{
"name": "ADV-2008-0570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0570"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "ADV-2009-2172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2172"
},
{
"name": "TA09-218A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0086"
},
{
"name": "30048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29267"
},
{
"name": "ADV-2008-1412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "http://support.apple.com/kb/HT3757",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3757"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-1533",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html"
},
{
"name": "28923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28923"
},
{
"name": "32746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32746"
},
{
"name": "29048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29048"
},
{
"name": "GLSA-200803-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-24.xml"
},
{
"name": "DSA-1499",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1499"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431660",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660"
},
{
"name": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news"
},
{
"name": "28957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28957"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "36096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36096"
},
{
"name": "29009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "29027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29027"
},
{
"name": "29282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29282"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "28960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28960"
},
{
"name": "30345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30345"
},
{
"name": "20080228 rPSA-2008-0086-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488927/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "28996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28996"
},
{
"name": "APPLE-SA-2009-08-05-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086"
},
{
"name": "MDVSA-2008:053",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:053"
},
{
"name": "SUSE-SR:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "FEDORA-2008-1842",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "ADV-2008-0592",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0592"
},
{
"name": "pcre-characterclass-bo(40505)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40505"
},
{
"name": "29175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29175"
},
{
"name": "1022674",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022674"
},
{
"name": "28985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28985"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "27786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27786"
},
{
"name": "https://issues.rpath.com/browse/RPL-2503",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "http://pcre.org/changelog.txt",
"refsource": "CONFIRM",
"url": "http://pcre.org/changelog.txt"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "FEDORA-2008-1783",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html"
},
{
"name": "USN-581-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/581-1/"
},
{
"name": "https://issues.rpath.com/browse/RPL-2223",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2223"
},
{
"name": "ADV-2008-0570",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0570"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "ADV-2009-2172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2172"
},
{
"name": "TA09-218A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0086",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0086"
},
{
"name": "30048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-0674",
"datePublished": "2008-02-18T22:00:00",
"dateReserved": "2008-02-11T00:00:00",
"dateUpdated": "2024-08-07T07:54:22.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7228 (GCVE-0-2006-7228)
Vulnerability from cvelistv5
Published
2007-11-14 21:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371"
},
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "27776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27776"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
},
{
"name": "28050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28050"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "RHSA-2008:0546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"name": "29032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29032"
},
{
"name": "RHSA-2007:1065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"
},
{
"name": "31124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31124"
},
{
"name": "29085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29085"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name": "RHSA-2007:1077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
},
{
"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
},
{
"name": "26462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26462"
},
{
"name": "29785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29785"
},
{
"name": "RHSA-2007:1076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
},
{
"name": "RHSA-2007:1068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name": "ADV-2008-0637",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0637"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "RHSA-2007:1059",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"name": "ADV-2008-1234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"name": "28041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28041"
},
{
"name": "GLSA-200802-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-10.xml"
},
{
"name": "28027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28027"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "oval:org.mitre.oval:def:10810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810"
},
{
"name": "MDVSA-2008:012",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "RHSA-2007:1063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "27582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27582"
},
{
"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371"
},
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "27776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27776"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
},
{
"name": "28050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28050"
},
{
"name": "MDVSA-2008:030",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "RHSA-2008:0546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27773"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"name": "29032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29032"
},
{
"name": "RHSA-2007:1065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"
},
{
"name": "31124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31124"
},
{
"name": "29085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29085"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name": "RHSA-2007:1077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
},
{
"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
},
{
"name": "26462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26462"
},
{
"name": "29785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29785"
},
{
"name": "RHSA-2007:1076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
},
{
"name": "RHSA-2007:1068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name": "ADV-2008-0637",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0637"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "RHSA-2007:1059",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"name": "ADV-2008-1234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"name": "28041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28041"
},
{
"name": "GLSA-200802-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-10.xml"
},
{
"name": "28027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28027"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "oval:org.mitre.oval:def:10810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810"
},
{
"name": "MDVSA-2008:012",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"
},
{
"name": "SUSE-SA:2007:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "RHSA-2007:1063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "27582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27582"
},
{
"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28714"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-7228",
"datePublished": "2007-11-14T21:00:00",
"dateReserved": "2007-11-14T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16231 (GCVE-0-2017-16231)
Vulnerability from cvelistv5
Published
2019-03-17 16:24
Modified
2024-08-05 20:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pcre:pcre:8.41:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pcre",
"vendor": "pcre",
"versions": [
{
"status": "affected",
"version": "8.41"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-16231",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:41:43.387207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T17:59:05.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:20:05.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101688"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T16:24:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/101688"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2047"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Dec/33",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/33"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/01/11",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/11"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/01/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/3"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/01/7",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/7"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/01/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/8"
},
{
"name": "http://www.securityfocus.com/bid/101688",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/101688"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=2047",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=2047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16231",
"datePublished": "2019-03-17T16:24:52",
"dateReserved": "2017-10-30T00:00:00",
"dateUpdated": "2024-08-05T20:20:05.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3210 (GCVE-0-2015-3210)
Vulnerability from cvelistv5
Published
2016-12-13 16:00
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "74934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74934"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
},
{
"name": "[oss-security] 20151202 Re: Heap Overflow in PCRE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P\u003cB\u003ec)(?P\u003cB\u003ea(?P=B)))\u003eWGXCREDITS)/, a different vulnerability than CVE-2015-8384."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "74934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74934"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
},
{
"name": "[oss-security] 20151202 Re: Heap Overflow in PCRE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P\u003cB\u003ec)(?P\u003cB\u003ea(?P=B)))\u003eWGXCREDITS)/, a different vulnerability than CVE-2015-8384."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1132",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "74934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74934"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "[oss-security] 20150601 CVE-2015-3210: PCRE Library Heap Overflow Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
},
{
"name": "[oss-security] 20151202 Re: Heap Overflow in PCRE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1636",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=1636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3210",
"datePublished": "2016-12-13T16:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1951 (GCVE-0-2011-1951)
Vulnerability from cvelistv5
Published
2011-07-11 20:00
Modified
2024-08-06 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git%3Ba=commit%3Bh=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709088"
},
{
"name": "[oss-security] 20110526 CVE Request -- syslog-ng -- Possible DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/05/26/1"
},
{
"name": "FEDORA-2011-8405",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062107.html"
},
{
"name": "47800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47800"
},
{
"name": "45122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45122"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-11T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git%3Ba=commit%3Bh=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709088"
},
{
"name": "[oss-security] 20110526 CVE Request -- syslog-ng -- Possible DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/05/26/1"
},
{
"name": "FEDORA-2011-8405",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062107.html"
},
{
"name": "47800",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47800"
},
{
"name": "45122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45122"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1951",
"datePublished": "2011-07-11T20:00:00Z",
"dateReserved": "2011-05-09T00:00:00Z",
"dateUpdated": "2024-08-06T22:46:00.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14155 (GCVE-0-2020-14155)
Vulnerability from cvelistv5
Published
2020-06-15 00:00
Modified
2024-08-04 12:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/717920"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"name": "20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212147"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.gentoo.org/717920"
},
{
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"url": "https://support.apple.com/kb/HT211931"
},
{
"name": "20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"url": "https://support.apple.com/kb/HT212147"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14155",
"datePublished": "2020-06-15T00:00:00",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2325 (GCVE-0-2015-2325)
Vulnerability from cvelistv5
Published
2020-01-14 16:46
Modified
2024-08-06 05:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1591"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T16:46:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1591"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1591",
"refsource": "MISC",
"url": "https://bugs.exim.org/show_bug.cgi?id=1591"
},
{
"name": "https://www.pcre.org/original/changelog.txt",
"refsource": "CONFIRM",
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"name": "https://fortiguard.com/zeroday/FG-VD-15-015",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-15-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2325",
"datePublished": "2020-01-14T16:46:55",
"dateReserved": "2015-03-18T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7244 (GCVE-0-2017-7244)
Vulnerability from cvelistv5
Published
2017-03-23 21:00
Modified
2024-08-05 15:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97067"
},
{
"name": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7244",
"datePublished": "2017-03-23T21:00:00",
"dateReserved": "2017-03-23T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3191 (GCVE-0-2016-3191)
Vulnerability from cvelistv5
Published
2016-03-17 23:00
Modified
2024-08-05 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:58.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "84810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84810"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
},
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/815921"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/815920"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "84810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84810"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
},
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/815921"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/815920"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-3191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84810"
},
{
"name": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489",
"refsource": "CONFIRM",
"url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
},
{
"name": "RHSA-2016:1132",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "https://bugs.debian.org/815921",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/815921"
},
{
"name": "https://bugs.debian.org/815920",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/815920"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1791",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=1791"
},
{
"name": "https://www.tenable.com/security/tns-2016-18",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa128",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"name": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631",
"refsource": "CONFIRM",
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-3191",
"datePublished": "2016-03-17T23:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:58.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20838 (GCVE-0-2019-20838)
Vulnerability from cvelistv5
Published
2020-06-15 16:50
Modified
2024-08-05 02:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:53:09.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/717920"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212147"
},
{
"name": "20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-25T16:06:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/717920"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212147"
},
{
"name": "20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/717920",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/717920"
},
{
"name": "https://www.pcre.org/original/changelog.txt",
"refsource": "MISC",
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"name": "https://support.apple.com/kb/HT211931",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211931"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"name": "https://support.apple.com/kb/HT212147",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212147"
},
{
"name": "20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20838",
"datePublished": "2020-06-15T16:50:48",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-05T02:53:09.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6004 (GCVE-0-2017-6004)
Vulnerability from cvelistv5
Published
2017-02-16 11:00
Modified
2024-08-05 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch"
},
{
"name": "GLSA-201706-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-11"
},
{
"name": "1037850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037850"
},
{
"name": "96295",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96295"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2035"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:08:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch"
},
{
"name": "GLSA-201706-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-11"
},
{
"name": "1037850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037850"
},
{
"name": "96295",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96295"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2035"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch",
"refsource": "CONFIRM",
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch"
},
{
"name": "GLSA-201706-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-11"
},
{
"name": "1037850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037850"
},
{
"name": "96295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96295"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=2035",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=2035"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6004",
"datePublished": "2017-02-16T11:00:00",
"dateReserved": "2017-02-15T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9769 (GCVE-0-2014-9769)
Vulnerability from cvelistv5
Published
2016-03-28 16:00
Modified
2024-08-06 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1475"
},
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/1693"
},
{
"name": "1035424",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035424"
},
{
"name": "[oss-security] 20160326 CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/26/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/819050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1475"
},
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://redmine.openinfosecfoundation.org/issues/1693"
},
{
"name": "1035424",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035424"
},
{
"name": "[oss-security] 20160326 CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/26/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/819050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-9769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1475",
"refsource": "CONFIRM",
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1475"
},
{
"name": "85570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85570"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/1693",
"refsource": "CONFIRM",
"url": "https://redmine.openinfosecfoundation.org/issues/1693"
},
{
"name": "1035424",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035424"
},
{
"name": "[oss-security] 20160326 CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/26/1"
},
{
"name": "https://bugs.debian.org/819050",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/819050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-9769",
"datePublished": "2016-03-28T16:00:00",
"dateReserved": "2016-03-28T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4768 (GCVE-0-2007-4768)
Vulnerability from cvelistv5
Published
2007-11-07 20:00
Modified
2024-08-07 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "SUSE-SA:2007:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "28157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28157"
},
{
"name": "oval:org.mitre.oval:def:9701",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "30507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30507"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html"
},
{
"name": "28570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28570"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "ADV-2008-1966",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1966/references"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "ADV-2008-1724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "TA07-355A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "GLSA-200801-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "239286",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "28161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "RHSA-2007:1126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "30840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30840"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "238305",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "ADV-2007-4258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name": "1019116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "pcre-class-unicode-bo(38278)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38278"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "28213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28213"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30219"
},
{
"name": "SUSE-SA:2007:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "29267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "28157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28157"
},
{
"name": "oval:org.mitre.oval:def:9701",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "30507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30507"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html"
},
{
"name": "28570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28570"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "ADV-2008-1966",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1966/references"
},
{
"name": "DSA-1570",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "ADV-2008-1724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "TA07-355A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "27697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "GLSA-200801-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "27543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "239286",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1"
},
{
"name": "FEDORA-2008-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "28161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "RHSA-2007:1126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name": "27741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "30840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30840"
},
{
"name": "ADV-2007-3725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "238305",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "ADV-2007-4258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name": "1019116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "pcre-class-unicode-bo(38278)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38278"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "28213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28213"
},
{
"name": "GLSA-200801-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"name": "DSA-1399",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30219"
},
{
"name": "SUSE-SA:2007:069",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "29267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29267"
},
{
"name": "USN-547-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"name": "GLSA-200711-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "28157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28157"
},
{
"name": "oval:org.mitre.oval:def:9701",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "30507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30507"
},
{
"name": "20071106 rPSA-2007-0231-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "27538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27538"
},
{
"name": "20071112 FLEA-2007-0064-1 pcre",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-13.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html"
},
{
"name": "28570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28570"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "ADV-2008-1966",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1966/references"
},
{
"name": "DSA-1570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "ADV-2008-1724",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "https://issues.rpath.com/browse/RPL-1738",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"name": "TA07-355A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "27697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27697"
},
{
"name": "28406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28406"
},
{
"name": "27554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27554"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "GLSA-200801-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "27543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27543"
},
{
"name": "[gtk-devel-list] 20071107 GLib 2.14.3",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "GLSA-200805-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2007:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"name": "239286",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1"
},
{
"name": "FEDORA-2008-1842",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"name": "28161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28161"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "RHSA-2007:1126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name": "27741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27741"
},
{
"name": "ADV-2007-3790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"name": "30840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30840"
},
{
"name": "ADV-2007-3725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"name": "238305",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "ADV-2007-4258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name": "1019116",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019116"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "30155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "pcre-class-unicode-bo(38278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38278"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "28213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28213"
},
{
"name": "GLSA-200801-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"name": "DSA-1399",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"name": "28414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28414"
},
{
"name": "26346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"name": "30106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4768",
"datePublished": "2007-11-07T20:00:00",
"dateReserved": "2007-09-10T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5073 (GCVE-0-2015-5073)
Vulnerability from cvelistv5
Published
2016-12-13 16:00
Modified
2024-08-06 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75430"
},
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "[oss-security] 20150626 CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/1"
},
{
"name": "[oss-security] 20150626 Re: CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1651"
},
{
"name": "1033154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033154"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571"
},
{
"name": "GLSA-201607-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "75430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75430"
},
{
"name": "RHSA-2016:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "RHSA-2016:2750",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "[oss-security] 20150626 CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/1"
},
{
"name": "[oss-security] 20150626 Re: CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1651"
},
{
"name": "1033154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033154"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571"
},
{
"name": "GLSA-201607-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75430"
},
{
"name": "RHSA-2016:1132",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"name": "RHSA-2016:1025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "[oss-security] 20150626 CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/1"
},
{
"name": "[oss-security] 20150626 Re: CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/3"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1651",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=1651"
},
{
"name": "1033154",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033154"
},
{
"name": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup"
},
{
"name": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571",
"refsource": "CONFIRM",
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571"
},
{
"name": "GLSA-201607-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5073",
"datePublished": "2016-12-13T16:00:00",
"dateReserved": "2015-06-26T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2326 (GCVE-0-2015-2326)
Vulnerability from cvelistv5
Published
2020-01-14 16:46
Modified
2024-08-06 05:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1592"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T16:46:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1592"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1592",
"refsource": "MISC",
"url": "https://bugs.exim.org/show_bug.cgi?id=1592"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"name": "https://www.pcre.org/original/changelog.txt",
"refsource": "CONFIRM",
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"name": "https://fortiguard.com/zeroday/FG-VD-15-016",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-15-016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2326",
"datePublished": "2020-01-14T16:46:57",
"dateReserved": "2015-03-18T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-01-14 17:15
Modified
2024-11-21 02:27
Severity ?
Summary
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugs.exim.org/show_bug.cgi?id=1591 | Exploit, Issue Tracking, Permissions Required, Third Party Advisory | |
| cve@mitre.org | https://fortiguard.com/zeroday/FG-VD-15-015 | Third Party Advisory | |
| cve@mitre.org | https://www.pcre.org/original/changelog.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=1591 | Exploit, Issue Tracking, Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/zeroday/FG-VD-15-015 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.pcre.org/original/changelog.txt | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "380663D5-622F-49F1-8BA2-5BC5D64EA947",
"versionEndExcluding": "8.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F2E36C-4FF9-4695-96F8-63B2F755A8B2",
"versionEndExcluding": "10.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94FE4BDA-52E7-4E77-88E7-82058ECEF840",
"versionEndExcluding": "5.4.41",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3573200F-9588-413E-90CB-E35C5A510D2C",
"versionEndExcluding": "5.5.26",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA8BEC-B2AF-43B2-BF75-0F6AEC5595BF",
"versionEndExcluding": "5.6.9",
"versionStartIncluding": "5.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
},
{
"lang": "es",
"value": "La funci\u00f3n compile_branch en PCRE versiones anteriores a 8.37, permite a atacantes dependiendo del contexto compilar c\u00f3digo incorrecto, causar una denegaci\u00f3n de servicio (lectura de la pila fuera de l\u00edmites y bloqueo) o posiblemente tener otro impacto no especificado por medio de una expresi\u00f3n regular con un grupo que contiene una referencia directa repetida una gran n\u00famero de veces dentro de un grupo externo repetido que posee un cuantificador m\u00ednimo cero."
}
],
"id": "CVE-2015-2325",
"lastModified": "2024-11-21T02:27:13.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-14T17:15:12.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1591"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-015"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.pcre.org/original/changelog.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-23 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97067 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| cve@mitre.org | https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/ | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://security.gentoo.org/glsa/201710-25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97067 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-25 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6BFAB169-4364-4D71-B0A8-2831D0A4D5F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n _pcre32_xclass en pcre_xclass.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura de memoria no v\u00e1lida) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2017-7244",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T21:59:00.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-16 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://advisories.mageia.org/MGASA-2014-0534.html | Third Party Advisory | |
| cve@mitre.org | http://bugs.exim.org/show_bug.cgi?id=1546 | Issue Tracking, Permissions Required, Third Party Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-0330.html | Third Party Advisory | |
| cve@mitre.org | http://www.exim.org/viewvc/pcre?view=revision&revision=1513 | Broken Link | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2015:002 | Broken Link | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2015:137 | Broken Link | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/11/21/6 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/71206 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1166147 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201607-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0534.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.exim.org/show_bug.cgi?id=1546 | Issue Tracking, Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-0330.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.exim.org/viewvc/pcre?view=revision&revision=1513 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:002 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:137 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/11/21/6 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71206 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1166147 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201607-02 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre | * | |
| mariadb | mariadb | * | |
| fedoraproject | fedora | 19 | |
| fedoraproject | fedora | 20 | |
| fedoraproject | fedora | 21 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| oracle | solaris | 11.2 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 7.3 | |
| redhat | enterprise_linux_eus | 7.4 | |
| redhat | enterprise_linux_eus | 7.5 | |
| redhat | enterprise_linux_eus | 7.6 | |
| redhat | enterprise_linux_eus | 7.7 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.3 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_aus | 7.7 | |
| redhat | enterprise_linux_server_tus | 7.3 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.7 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84438587-2934-4B73-885D-9FD633C8CEE8",
"versionEndIncluding": "8.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29467705-2765-41F2-8466-93FB1A88ABD5",
"versionEndExcluding": "10.0.18",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en PCRE 8.36 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o tener otro impacto no especificado a trav\u00e9s de una expresi\u00f3n regular manipulada, relacionado con una aserci\u00f3n que permite cero repeticiones."
}
],
"id": "CVE-2014-8964",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-16T18:59:10.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0534.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "http://bugs.exim.org/show_bug.cgi?id=1546"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0330.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.exim.org/viewvc/pcre?view=revision\u0026revision=1513"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:002"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:137"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/21/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71206"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166147"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0534.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "http://bugs.exim.org/show_bug.cgi?id=1546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0330.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.exim.org/viewvc/pcre?view=revision\u0026revision=1513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/21/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-15 17:15
Modified
2024-11-21 05:02
Severity ?
Summary
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/Feb/14 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/ | Third Party Advisory | |
| cve@mitre.org | https://bugs.gentoo.org/717920 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20221028-0010/ | Third Party Advisory | |
| cve@mitre.org | https://support.apple.com/kb/HT211931 | Third Party Advisory | |
| cve@mitre.org | https://support.apple.com/kb/HT212147 | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.pcre.org/original/changelog.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Feb/14 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/717920 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221028-0010/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211931 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT212147 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.pcre.org/original/changelog.txt | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre | * | |
| apple | macos | * | |
| gitlab | gitlab | * | |
| gitlab | gitlab | * | |
| gitlab | gitlab | * | |
| gitlab | gitlab | * | |
| gitlab | gitlab | * | |
| gitlab | gitlab | * | |
| oracle | communications_cloud_native_core_policy | 1.15.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | clustered_data_ontap | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE44B5A4-6CB9-4E93-A4A6-1A9152547258",
"versionEndExcluding": "8.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2EE75CC-3796-416A-9E58-64788BB89240",
"versionEndExcluding": "11.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "69A326C9-D3ED-4AA3-9832-CB7C0BC8D66F",
"versionEndExcluding": "12.10.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0C533B72-56E8-40ED-8FC2-D4963DB0C397",
"versionEndExcluding": "12.10.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "6C2D99CC-CB24-43D8-A231-C76A2DAE1CFA",
"versionEndExcluding": "13.0.8",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "21BF96AA-827E-4CB3-943B-478C141917D2",
"versionEndExcluding": "13.0.8",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "51809B8F-141D-43B9-BAC5-328E9F4DD7BF",
"versionEndExcluding": "13.1.2",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "54A7E410-0F0C-414A-98AA-C3DA9B5191A5",
"versionEndExcluding": "13.1.2",
"versionStartIncluding": "13.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring."
},
{
"lang": "es",
"value": "libpcre en PCRE versiones anteriores a 8.44, permite un desbordamiento de enteros por medio de un n\u00famero grande despu\u00e9s de una subcadena (?C"
}
],
"id": "CVE-2020-14155",
"lastModified": "2024-11-21T05:02:45.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-15T17:15:10.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/717920"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0010/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212147"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/717920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.pcre.org/original/changelog.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-14 21:46
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| secalert@redhat.com | http://scary.beasts.org/security/CESA-2007-006.html | ||
| secalert@redhat.com | http://secunia.com/advisories/27582 | Patch | |
| secalert@redhat.com | http://secunia.com/advisories/27741 | ||
| secalert@redhat.com | http://secunia.com/advisories/27773 | ||
| secalert@redhat.com | http://secunia.com/advisories/27869 | ||
| secalert@redhat.com | http://secunia.com/advisories/28406 | ||
| secalert@redhat.com | http://secunia.com/advisories/28414 | ||
| secalert@redhat.com | http://secunia.com/advisories/28658 | ||
| secalert@redhat.com | http://secunia.com/advisories/28714 | ||
| secalert@redhat.com | http://secunia.com/advisories/28720 | ||
| secalert@redhat.com | http://secunia.com/advisories/30106 | ||
| secalert@redhat.com | http://secunia.com/advisories/30155 | ||
| secalert@redhat.com | http://secunia.com/advisories/30219 | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm | ||
| secalert@redhat.com | http://www.debian.org/security/2008/dsa-1570 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| secalert@redhat.com | http://www.pcre.org/changelog.txt | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1052.html | Patch | |
| secalert@redhat.com | http://www.securityfocus.com/bid/26462 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://scary.beasts.org/security/CESA-2007-006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27582 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27773 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27869 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28658 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28714 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30155 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pcre.org/changelog.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1052.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26462 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03C81A67-7297-4B87-956F-D61E11FEB9F4",
"versionEndIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la librer\u00eda Perl-Compatible Regular Expression (PCRE) anterior a 6.7 permite a atacantes locales o remotos (dependiendo del contexto) ejecutar c\u00f3digo de su elecci\u00f3n mediante una expresi\u00f3n regular que contiene un gran n\u00famero de sobpatrones con nombre (name_count) o nombres de subpatrones largos (max_name_size), lo cual dispara un desbordamiento de b\u00fafer. NOTA: este problema fue incluido originalmente en CVE-2006-7224, pero ese CVE ha sido rechadazo y dividido."
}
],
"id": "CVE-2006-7227",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-14T21:46:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/27582"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27869"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28658"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/26462"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/27582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-13 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-1025.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-2750.html | ||
| cve@mitre.org | http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup | Vendor Advisory | |
| cve@mitre.org | http://vcs.pcre.org/pcre?view=revision&revision=1571 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/06/26/1 | Mailing List | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/06/26/3 | Mailing List | |
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/75430 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1033154 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:1132 | ||
| cve@mitre.org | https://bugs.exim.org/show_bug.cgi?id=1651 | Exploit | |
| cve@mitre.org | https://security.gentoo.org/glsa/201607-02 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-1025.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-2750.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609&view=markup | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://vcs.pcre.org/pcre?view=revision&revision=1571 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/06/26/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/06/26/3 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75430 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033154 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1132 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=1651 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201607-02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161594FF-0DF8-43C8-B532-EBB20228023D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0744845-0230-47E7-866A-0880832B31C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADB3502-FE99-4709-B92C-E5BEF4FD3EF6",
"versionEndIncluding": "8.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n find_fixedlength en pcre_compile.c en PCRE en versiones anteriores a 8.38 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) u obtener informaci\u00f3n sensible de la memoria din\u00e1mica y posiblemente eludir el mecanismo de protecci\u00f3n ASLR a trav\u00e9s de una expresi\u00f3n regular manipulada con un par\u00e9ntesis de cierre excesivo."
}
],
"id": "CVE-2015-5073",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-13T16:59:06.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75430"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033154"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1651"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-23 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt | ||
| secalert@redhat.com | ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U | ||
| secalert@redhat.com | http://docs.info.apple.com/article.html?artnum=302847 | ||
| secalert@redhat.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 | ||
| secalert@redhat.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 | ||
| secalert@redhat.com | http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html | ||
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=112605112027335&w=2 | ||
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=112606064317223&w=2 | ||
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=130497311408250&w=2 | ||
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=130497311408250&w=2 | ||
| secalert@redhat.com | http://secunia.com/advisories/16502 | ||
| secalert@redhat.com | http://secunia.com/advisories/16679 | ||
| secalert@redhat.com | http://secunia.com/advisories/17252 | ||
| secalert@redhat.com | http://secunia.com/advisories/17813 | ||
| secalert@redhat.com | http://secunia.com/advisories/19072 | ||
| secalert@redhat.com | http://secunia.com/advisories/19193 | ||
| secalert@redhat.com | http://secunia.com/advisories/19532 | ||
| secalert@redhat.com | http://secunia.com/advisories/21522 | ||
| secalert@redhat.com | http://secunia.com/advisories/22691 | ||
| secalert@redhat.com | http://secunia.com/advisories/22875 | ||
| secalert@redhat.com | http://securityreason.com/securityalert/604 | ||
| secalert@redhat.com | http://securitytracker.com/id?1014744 | Patch | |
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 | ||
| secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf | ||
| secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf | ||
| secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm | ||
| secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm | ||
| secalert@redhat.com | http://www.debian.org/security/2005/dsa-800 | ||
| secalert@redhat.com | http://www.debian.org/security/2005/dsa-817 | ||
| secalert@redhat.com | http://www.debian.org/security/2005/dsa-819 | ||
| secalert@redhat.com | http://www.debian.org/security/2005/dsa-821 | ||
| secalert@redhat.com | http://www.ethereal.com/appnotes/enpa-sa-00021.html | URL Repurposed | |
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml | ||
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml | ||
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml | ||
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml | ||
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml | ||
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_48_pcre.html | ||
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_49_php.html | ||
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_52_apache2.html | ||
| secalert@redhat.com | http://www.php.net/release_4_4_1.php | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-358.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-761.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2006-0197.html | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/427046/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/428138/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/428138/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/14620 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/15647 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2005/1511 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2005/2659 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2006/0789 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2006/4320 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2006/4502 | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=302847 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=112605112027335&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=112606064317223&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=130497311408250&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=130497311408250&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16502 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16679 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17252 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17813 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19193 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19532 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21522 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22691 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22875 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/604 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014744 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-800 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-817 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-819 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-821 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ethereal.com/appnotes/enpa-sa-00021.html | URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_48_pcre.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_49_php.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_52_apache2.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.php.net/release_4_4_1.php | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-358.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-761.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0197.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/427046/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/428138/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/428138/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14620 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15647 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1511 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2659 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/0789 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4320 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4502 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E71EAB3-BEFE-4442-A18A-F2739DE3B0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F23E7A02-29EF-41CE-9E05-9224F832BAC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC32309-4E60-4A56-808E-5494B1CD3D2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow."
}
],
"id": "CVE-2005-2491",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-23T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "secalert@redhat.com",
"url": "http://docs.info.apple.com/article.html?artnum=302847"
},
{
"source": "secalert@redhat.com",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"source": "secalert@redhat.com",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=112605112027335\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=112606064317223\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16502"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/16679"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17252"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17813"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19072"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19193"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/21522"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22691"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22875"
},
{
"source": "secalert@redhat.com",
"url": "http://securityreason.com/securityalert/604"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014744"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-800"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-817"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-819"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-821"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_48_pcre.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_49_php.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_52_apache2.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.php.net/release_4_4_1.php"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-358.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-761.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0197.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/427046/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14620"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/15647"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/1511"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/2659"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/0789"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/4320"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=302847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112605112027335\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112606064317223\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_48_pcre.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_49_php.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_52_apache2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.php.net/release_4_4_1.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-358.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-761.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0197.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/427046/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Fixed in Apache 2.0.55:\nhttp://httpd.apache.org/security/vulnerabilities_20.html",
"lastModified": "2008-07-02T00:00:00",
"organization": "Apache"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-07 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307179 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000014.html | ||
| cve@mitre.org | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| cve@mitre.org | http://secunia.com/advisories/27538 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27543 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27547 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27554 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27598 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27697 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27741 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27773 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27776 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27862 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27965 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28136 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28406 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28414 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28658 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28714 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28720 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29420 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29785 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/30106 | ||
| cve@mitre.org | http://secunia.com/advisories/30155 | ||
| cve@mitre.org | http://secunia.com/advisories/30219 | ||
| cve@mitre.org | http://secunia.com/advisories/31124 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| cve@mitre.org | http://securitytracker.com/id?1018895 | ||
| cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1399 | Patch | |
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1570 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:212 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:213 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_25_sr.html | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0967.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0968.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-1063.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-1065.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0546.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/490917/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26346 | Patch | |
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3725 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3790 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4238 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1234/references | ||
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=315881 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38273 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1738 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562 | ||
| cve@mitre.org | https://usn.ubuntu.com/547-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000014.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27538 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27543 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27547 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27554 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27598 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27697 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27741 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27773 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27776 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27862 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27965 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28136 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28406 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28414 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28658 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28714 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28720 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29785 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30155 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31124 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018895 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1399 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:212 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:213 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_25_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0967.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0968.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1063.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1065.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0546.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/490917/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26346 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3725 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4238 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1234/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=315881 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38273 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/547-1/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AF2E20E-2F95-4164-9E9C-FBFD5FEBFC2E",
"versionEndIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified \"multiple forms of character class\", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code."
},
{
"lang": "es",
"value": "La biblioteca Perl-Compatible Regular Expression (PCRE) anterior a la versi\u00f3n 7.0 no calcula apropiadamente los tama\u00f1os de las \"multiple forms of character class\" no especificadas, lo que desencadena un desbordamiento de b\u00fafer que permite a los atacantes dependiendo del contexto provocar una denegaci\u00f3n de servicio (bloqueo) y posiblemente ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2007-1660",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-07T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"source": "cve@mitre.org",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27538"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27543"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27547"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27554"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27598"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27697"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27741"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27773"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27776"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27862"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27965"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28136"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28406"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28414"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28658"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28714"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28720"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29785"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31124"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018895"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:213"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0968.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=315881"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38273"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0968.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=315881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/547-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-07 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307179 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| cve@mitre.org | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| cve@mitre.org | http://secunia.com/advisories/27538 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27543 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27547 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27554 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27598 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27697 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27741 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27773 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27965 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28041 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28136 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28406 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28414 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28658 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28714 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28720 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29267 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/29420 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/30106 | ||
| cve@mitre.org | http://secunia.com/advisories/30155 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/30219 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| cve@mitre.org | http://securitytracker.com/id?1018895 | ||
| cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1399 | ||
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1570 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:212 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_25_sr.html | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| cve@mitre.org | http://www.pcre.org/changelog.txt | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0967.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-1068.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26346 | Patch | |
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3725 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3790 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4238 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38272 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1738 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725 | ||
| cve@mitre.org | https://usn.ubuntu.com/547-1/ | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27538 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27543 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27547 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27554 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27598 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27697 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27741 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27773 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27965 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28041 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28136 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28406 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28414 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28658 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28714 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28720 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29267 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30155 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018895 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1399 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:212 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_25_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pcre.org/changelog.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0967.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1068.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26346 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3725 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4238 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38272 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/547-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4523717D-521B-48D3-9664-07489B886917",
"versionEndIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched \"\\Q\\E\" sequences with orphan \"\\E\" codes."
},
{
"lang": "es",
"value": "La biblioteca Perl-Compatible Regular Expression (PCRE) anterior a la versi\u00f3n 7.3 permite a los atacantes dependiendo del contexto causar una denegaci\u00f3n de servicio (bloqueo) y posiblemente ejecutar c\u00f3digo arbitrario por medio de patrones regex que contienen secuencias incomparables \"\\Q\\E\" con c\u00f3digos hu\u00e9rfanos de \"\\E\"."
}
],
"id": "CVE-2007-1659",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-07T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27538"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27543"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27547"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27554"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27598"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27697"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27741"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27773"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27965"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28041"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28136"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28406"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28414"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28658"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28714"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28720"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29267"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30155"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018895"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38272"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0967.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-15 19:46
Modified
2025-04-09 00:30
Severity ?
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| secalert@redhat.com | http://secunia.com/advisories/27741 | ||
| secalert@redhat.com | http://secunia.com/advisories/27773 | ||
| secalert@redhat.com | http://secunia.com/advisories/28041 | ||
| secalert@redhat.com | http://secunia.com/advisories/28406 | ||
| secalert@redhat.com | http://secunia.com/advisories/28414 | ||
| secalert@redhat.com | http://secunia.com/advisories/28658 | ||
| secalert@redhat.com | http://secunia.com/advisories/28714 | ||
| secalert@redhat.com | http://secunia.com/advisories/28720 | ||
| secalert@redhat.com | http://secunia.com/advisories/30106 | ||
| secalert@redhat.com | http://secunia.com/advisories/30155 | ||
| secalert@redhat.com | http://secunia.com/advisories/30219 | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | ||
| secalert@redhat.com | http://www.debian.org/security/2008/dsa-1570 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| secalert@redhat.com | http://www.pcre.org/changelog.txt | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1059.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1068.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/26550 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=384801 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27773 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28658 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28714 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30155 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pcre.org/changelog.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1059.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1068.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26550 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=384801 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AF2E20E-2F95-4164-9E9C-FBFD5FEBFC2E",
"versionEndIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions."
},
{
"lang": "es",
"value": "La librer\u00eda Perl-Compatible Regular Expression (PCRE) anterior a 7.0 no calcula adecuadamente la cantidad de memoria necesaria para un patr\u00f3n de expresi\u00f3n regular compilada cuando las opciones de UTF-8 (1) -x o (2) -i cambian dentro del patr\u00f3n, lo cual permite a atacantes remotos dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de PCRE o de glibc) mediante una expresi\u00f3n regular manipulada."
}
],
"id": "CVE-2006-7230",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-15T19:46:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28041"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28658"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/26550"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=384801"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=384801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-07 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307179 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| cve@mitre.org | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| cve@mitre.org | http://secunia.com/advisories/27538 | ||
| cve@mitre.org | http://secunia.com/advisories/27543 | ||
| cve@mitre.org | http://secunia.com/advisories/27554 | ||
| cve@mitre.org | http://secunia.com/advisories/27697 | ||
| cve@mitre.org | http://secunia.com/advisories/27741 | ||
| cve@mitre.org | http://secunia.com/advisories/28136 | ||
| cve@mitre.org | http://secunia.com/advisories/28406 | ||
| cve@mitre.org | http://secunia.com/advisories/28414 | ||
| cve@mitre.org | http://secunia.com/advisories/28714 | ||
| cve@mitre.org | http://secunia.com/advisories/28720 | ||
| cve@mitre.org | http://secunia.com/advisories/29267 | ||
| cve@mitre.org | http://secunia.com/advisories/29420 | ||
| cve@mitre.org | http://secunia.com/advisories/30106 | ||
| cve@mitre.org | http://secunia.com/advisories/30155 | ||
| cve@mitre.org | http://secunia.com/advisories/30219 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1399 | Patch | |
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1570 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| cve@mitre.org | http://www.pcre.org/changelog.txt | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26346 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3725 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3790 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4238 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38275 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1738 | ||
| cve@mitre.org | https://usn.ubuntu.com/547-1/ | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27538 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27543 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27554 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27697 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28136 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28714 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29267 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30155 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1399 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pcre.org/changelog.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26346 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3725 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4238 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38275 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/547-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4523717D-521B-48D3-9664-07489B886917",
"versionEndIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references."
},
{
"lang": "es",
"value": "La librer\u00eda Perl-Compatible Regular Expression (PCRE) anterior a 7.3 lee m\u00e1s all\u00e1 del final de una cadena cuando busca corchetes no coincidentes y par\u00e9ntesis, lo cual permite a atacantes locales o remotos (dependiendo del contexto) provocar una denegaci\u00f3n de servicio (ca\u00edda), posiblemente involucrando referencias hacia delante."
}
],
"id": "CVE-2007-1662",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-07T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27538"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27543"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27554"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27697"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28136"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "cve@mitre.org",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38275"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-07 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307179 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| cve@mitre.org | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| cve@mitre.org | http://secunia.com/advisories/27538 | ||
| cve@mitre.org | http://secunia.com/advisories/27543 | ||
| cve@mitre.org | http://secunia.com/advisories/27554 | ||
| cve@mitre.org | http://secunia.com/advisories/27697 | ||
| cve@mitre.org | http://secunia.com/advisories/27741 | ||
| cve@mitre.org | http://secunia.com/advisories/27773 | ||
| cve@mitre.org | http://secunia.com/advisories/28136 | ||
| cve@mitre.org | http://secunia.com/advisories/28406 | ||
| cve@mitre.org | http://secunia.com/advisories/28414 | ||
| cve@mitre.org | http://secunia.com/advisories/28714 | ||
| cve@mitre.org | http://secunia.com/advisories/28720 | ||
| cve@mitre.org | http://secunia.com/advisories/29267 | ||
| cve@mitre.org | http://secunia.com/advisories/29420 | ||
| cve@mitre.org | http://secunia.com/advisories/30106 | ||
| cve@mitre.org | http://secunia.com/advisories/30155 | ||
| cve@mitre.org | http://secunia.com/advisories/30219 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1399 | Patch | |
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1570 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| cve@mitre.org | http://www.pcre.org/changelog.txt | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26346 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3725 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3790 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4238 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38276 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1738 | ||
| cve@mitre.org | https://usn.ubuntu.com/547-1/ | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27538 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27543 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27554 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27697 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27773 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28136 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28714 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29267 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30155 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1399 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pcre.org/changelog.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26346 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3725 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4238 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/547-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4523717D-521B-48D3-9664-07489B886917",
"versionEndIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de entero en la librer\u00eda Perl-Compatible Regular Expression (PCRE) naterior a 7.3 permiten a atacantes locales o remotos (dependiendo del contexto) provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n mediante secuencias de escape (backslash) no especificadas."
}
],
"id": "CVE-2007-4766",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-07T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27538"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27543"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27554"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27697"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28136"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38276"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-14 17:15
Modified
2024-11-21 02:27
Severity ?
Summary
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugs.exim.org/show_bug.cgi?id=1592 | Exploit, Issue Tracking, Permissions Required, Third Party Advisory | |
| cve@mitre.org | https://fortiguard.com/zeroday/FG-VD-15-016 | Third Party Advisory | |
| cve@mitre.org | https://www.pcre.org/original/changelog.txt | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=1592 | Exploit, Issue Tracking, Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/zeroday/FG-VD-15-016 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.pcre.org/original/changelog.txt | Release Notes, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "380663D5-622F-49F1-8BA2-5BC5D64EA947",
"versionEndExcluding": "8.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29467705-2765-41F2-8466-93FB1A88ABD5",
"versionEndExcluding": "10.0.18",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94FE4BDA-52E7-4E77-88E7-82058ECEF840",
"versionEndExcluding": "5.4.41",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3573200F-9588-413E-90CB-E35C5A510D2C",
"versionEndExcluding": "5.5.26",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA8BEC-B2AF-43B2-BF75-0F6AEC5595BF",
"versionEndExcluding": "5.6.9",
"versionStartIncluding": "5.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"."
},
{
"lang": "es",
"value": "La funci\u00f3n pcre_compile2 en PCRE versiones anteriores a 8.37, permite a atacantes dependiendo del contexto compilar c\u00f3digo incorrecto y causar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) mediante una expresi\u00f3n regular con un grupo que contiene una llamada de subrutina de referencia directa y una referencia inversa recursiva, como es demostrado por \"((? +1)(\\1))/\"."
}
],
"id": "CVE-2015-2326",
"lastModified": "2024-11-21T02:27:13.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-14T17:15:12.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1592"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-016"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.pcre.org/original/changelog.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-07 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307179 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| cve@mitre.org | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| cve@mitre.org | http://secunia.com/advisories/27538 | ||
| cve@mitre.org | http://secunia.com/advisories/27543 | ||
| cve@mitre.org | http://secunia.com/advisories/27554 | ||
| cve@mitre.org | http://secunia.com/advisories/27697 | ||
| cve@mitre.org | http://secunia.com/advisories/27741 | ||
| cve@mitre.org | http://secunia.com/advisories/27773 | ||
| cve@mitre.org | http://secunia.com/advisories/28136 | ||
| cve@mitre.org | http://secunia.com/advisories/28406 | ||
| cve@mitre.org | http://secunia.com/advisories/28414 | ||
| cve@mitre.org | http://secunia.com/advisories/28714 | ||
| cve@mitre.org | http://secunia.com/advisories/28720 | ||
| cve@mitre.org | http://secunia.com/advisories/29267 | ||
| cve@mitre.org | http://secunia.com/advisories/29420 | ||
| cve@mitre.org | http://secunia.com/advisories/30106 | ||
| cve@mitre.org | http://secunia.com/advisories/30155 | ||
| cve@mitre.org | http://secunia.com/advisories/30219 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1399 | ||
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1570 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| cve@mitre.org | http://www.pcre.org/changelog.txt | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26346 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3725 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3790 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4238 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38277 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1738 | ||
| cve@mitre.org | https://usn.ubuntu.com/547-1/ | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27538 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27543 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27554 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27697 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27773 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28136 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28714 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29267 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30155 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1399 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pcre.org/changelog.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26346 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3725 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4238 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38277 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/547-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "546807AB-6BF5-4A4C-A3E4-516C982BA751",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C79718A-3ECF-4A5B-8C4D-B3458521248B",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4523717D-521B-48D3-9664-07489B886917",
"versionEndIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \\p sequence, (2) a \\P sequence, or (3) a \\P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code."
},
{
"lang": "es",
"value": "La librer\u00eda Perl-Compatible Regular Expression (PCRE) anterior a 7.3 no computa adecuadamente la longitud de (1) una secuencia \\p, (2) una secuencia \\P, o (3) una secuencia \\P{x}, lo cual permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (bucle infinito o ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n."
}
],
"id": "CVE-2007-4767",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-07T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27538"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27543"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27554"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27697"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28136"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38277"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-03 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/79825 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1034555 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:1132 | Third Party Advisory | |
| cve@mitre.org | https://bto.bluecoat.com/security-advisory/sa128 | Permissions Required, Third Party Advisory | |
| cve@mitre.org | https://bugs.exim.org/show_bug.cgi?id=1767 | Exploit, Issue Tracking, Permissions Required, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201607-02 | Third Party Advisory | |
| cve@mitre.org | https://www.tenable.com/security/tns-2016-18 | Third Party Advisory | |
| cve@mitre.org | https://www.tenable.com/security/tns-2017-14 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/79825 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034555 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1132 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bto.bluecoat.com/security-advisory/sa128 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=1767 | Exploit, Issue Tracking, Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201607-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2016-18 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2017-14 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.38:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD39B35-C14D-4044-A050-660FE4EE6AC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F77DCAA-4C00-4322-A465-6ED336BBFF18",
"versionEndExcluding": "5.6.32",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FED5332-FB60-4EC7-9018-14E7DE0FF72E",
"versionEndExcluding": "7.0.25",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52497E39-05A7-4C19-96FF-27449D146E3B",
"versionEndExcluding": "7.1.11",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\\\"){99}-))(?J)(?\u0027R\u0027(?\u0027R\u0027\u003c((?\u0027RR\u0027(?\u0027R\u0027\\){97)?J)?J)(?\u0027R\u0027(?\u0027R\u0027\\){99|(:(?|(?\u0027R\u0027)(\\k\u0027R\u0027)|((?\u0027R\u0027)))H\u0027R\u0027R)(H\u0027R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
},
{
"lang": "es",
"value": "La funci\u00f3n pcre_compile2 en pcre_compile.c en PCRE 8.38 no maneja correctamente el patr\u00f3n /((?:F?+(?:^(?(R)a+\\\"){99}-))(?J)(?\u0027R\u0027(?\u0027R\u0027\u003c((?\u0027RR\u0027(?\u0027R\u0027\\){97)?J)?J)(?\u0027R\u0027(?\u0027R\u0027\\){99|(:(?|(?\u0027R\u0027)(\\k\u0027R\u0027)|((?\u0027R\u0027)))H\u0027R\u0027R)(H\u0027R))))))/ y los patrones relacionados con los subgrupos nombrados, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en memoria din\u00e1mica) o posiblemente tener otro impacto no especificado a trav\u00e9s de una expresi\u00f3n regular manipulada, seg\u00fan lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror."
}
],
"id": "CVE-2016-1283",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-03T00:59:03.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/79825"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034555"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.343110"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1767"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/79825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.343110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-14"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-07 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307179 | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html | ||
| cve@mitre.org | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| cve@mitre.org | http://secunia.com/advisories/27538 | ||
| cve@mitre.org | http://secunia.com/advisories/27543 | ||
| cve@mitre.org | http://secunia.com/advisories/27554 | ||
| cve@mitre.org | http://secunia.com/advisories/27697 | ||
| cve@mitre.org | http://secunia.com/advisories/27741 | ||
| cve@mitre.org | http://secunia.com/advisories/28136 | ||
| cve@mitre.org | http://secunia.com/advisories/28157 | ||
| cve@mitre.org | http://secunia.com/advisories/28161 | ||
| cve@mitre.org | http://secunia.com/advisories/28213 | ||
| cve@mitre.org | http://secunia.com/advisories/28406 | ||
| cve@mitre.org | http://secunia.com/advisories/28414 | ||
| cve@mitre.org | http://secunia.com/advisories/28570 | ||
| cve@mitre.org | http://secunia.com/advisories/28714 | ||
| cve@mitre.org | http://secunia.com/advisories/28720 | ||
| cve@mitre.org | http://secunia.com/advisories/29267 | ||
| cve@mitre.org | http://secunia.com/advisories/29420 | ||
| cve@mitre.org | http://secunia.com/advisories/30106 | ||
| cve@mitre.org | http://secunia.com/advisories/30155 | ||
| cve@mitre.org | http://secunia.com/advisories/30219 | ||
| cve@mitre.org | http://secunia.com/advisories/30507 | ||
| cve@mitre.org | http://secunia.com/advisories/30840 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| cve@mitre.org | http://securitytracker.com/id?1019116 | ||
| cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 | ||
| cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 | ||
| cve@mitre.org | http://www.adobe.com/support/security/bulletins/apsb07-20.html | ||
| cve@mitre.org | http://www.adobe.com/support/security/bulletins/apsb08-13.html | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1399 | ||
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1570 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-1126.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26346 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-355A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3725 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3790 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4238 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4258 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1724/references | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1966/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/38278 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1738 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701 | ||
| cve@mitre.org | https://usn.ubuntu.com/547-1/ | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27538 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27543 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27554 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27697 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28136 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28157 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28161 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28213 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28714 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29267 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30155 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30507 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30840 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019116 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/bulletins/apsb07-20.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/bulletins/apsb08-13.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1399 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1126.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483357/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483579/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26346 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-352A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-355A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3725 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4238 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4258 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1724/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1966/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/38278 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/547-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "546807AB-6BF5-4A4C-A3E4-516C982BA751",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C79718A-3ECF-4A5B-8C4D-B3458521248B",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4523717D-521B-48D3-9664-07489B886917",
"versionEndIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en la librer\u00eda Perl-Compatible Regular Expression (PCRE) anterior a 7.3 permite a atacantes locales o remotos (dependiendo del contexto) ejecutar c\u00f3digo de su elecci\u00f3n mediante una secuencia de caracteres Unicode unitarios en una clase character de un patr\u00f3n de expresi\u00f3n regular, lo cual est\u00e1 optimizado incorrectamente."
}
],
"id": "CVE-2007-4768",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-07T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"source": "cve@mitre.org",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27538"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27543"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27554"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27697"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28136"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28157"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28161"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28213"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28570"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30507"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30840"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019116"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1966/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38278"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483357/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1966/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/547-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-23 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97067 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| cve@mitre.org | https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/ | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://security.gentoo.org/glsa/201710-25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97067 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-25 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6BFAB169-4364-4D71-B0A8-2831D0A4D5F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en la pila en la funci\u00f3n pcre32_copy_substring en pcre_get.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (WRITE de tama\u00f1o 4) o posiblemente tener otro impacto no especificado a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2017-7245",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T21:59:00.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-02 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-1025.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-2750.html | Third Party Advisory | |
| cve@mitre.org | http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup | Broken Link | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/11/29/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/82990 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:1132 | Third Party Advisory | |
| cve@mitre.org | https://bto.bluecoat.com/security-advisory/sa128 | Permissions Required | |
| cve@mitre.org | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201607-02 | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20230216-0002/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-1025.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-2750.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/11/29/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/82990 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1132 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bto.bluecoat.com/security-advisory/sa128 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201607-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230216-0002/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre | * | |
| oracle | linux | 7 | |
| fedoraproject | fedora | 22 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 7.2 | |
| redhat | enterprise_linux_eus | 7.3 | |
| redhat | enterprise_linux_eus | 7.4 | |
| redhat | enterprise_linux_eus | 7.5 | |
| redhat | enterprise_linux_eus | 7.6 | |
| redhat | enterprise_linux_eus | 7.7 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.2 | |
| redhat | enterprise_linux_server_aus | 7.3 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_aus | 7.7 | |
| redhat | enterprise_linux_server_tus | 7.2 | |
| redhat | enterprise_linux_server_tus | 7.3 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.7 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| php | php | * | |
| php | php | * | |
| php | php | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "656970DA-5D08-4597-BD88-D0A9D5B7EF65",
"versionEndExcluding": "8.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B055DFDD-2D3F-40CD-A62E-1D9B1C005771",
"versionEndExcluding": "5.5.32",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04060332-EC2C-4281-A627-8FBDCEB79154",
"versionEndExcluding": "5.6.18",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A20A620-CDCF-4496-86E9-1ECA1A3C665E",
"versionEndExcluding": "7.0.3",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
},
{
"lang": "es",
"value": "La funci\u00f3n pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidaci\u00f3n [: , lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU) o posiblemente tener otro impacto no especificado a trav\u00e9s de una expresi\u00f3n regular manipulada, seg\u00fan lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror."
}
],
"id": "CVE-2015-8391",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-02T01:59:15.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/82990"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-02"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/82990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230216-0002/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-28 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@debian.org | http://vcs.pcre.org/pcre?view=revision&revision=1475 | ||
| security@debian.org | http://www.openwall.com/lists/oss-security/2016/03/26/1 | ||
| security@debian.org | http://www.securityfocus.com/bid/85570 | ||
| security@debian.org | http://www.securitytracker.com/id/1035424 | ||
| security@debian.org | https://bugs.debian.org/819050 | ||
| security@debian.org | https://redmine.openinfosecfoundation.org/issues/1693 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://vcs.pcre.org/pcre?view=revision&revision=1475 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/03/26/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/85570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035424 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/819050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://redmine.openinfosecfoundation.org/issues/1693 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA3CC4F-1797-46D8-8C3D-0605E71C5EAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset."
},
{
"lang": "es",
"value": "pcre_jit_compile.c en PCRE 8.35 no utiliza correctamente saltos de tabla para optimizar alternativas anidadas, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria de pila) o posiblemente tener otro impacto no especificado a trav\u00e9s de una cadena manipulada, seg\u00fan lo demostrado por paquetes encontrados por Suricata durante el uso de una expresi\u00f3n regular en un conjunto de reglas Emerging Threats Open."
}
],
"id": "CVE-2014-9769",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-28T16:59:00.113",
"references": [
{
"source": "security@debian.org",
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1475"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2016/03/26/1"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/85570"
},
{
"source": "security@debian.org",
"url": "http://www.securitytracker.com/id/1035424"
},
{
"source": "security@debian.org",
"url": "https://bugs.debian.org/819050"
},
{
"source": "security@debian.org",
"url": "https://redmine.openinfosecfoundation.org/issues/1693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/03/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/85570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/819050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://redmine.openinfosecfoundation.org/issues/1693"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-15 17:15
Modified
2024-11-21 04:39
Severity ?
Summary
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/Feb/14 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugs.gentoo.org/717920 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://support.apple.com/kb/HT211931 | Vendor Advisory | |
| cve@mitre.org | https://support.apple.com/kb/HT212147 | Vendor Advisory | |
| cve@mitre.org | https://www.pcre.org/original/changelog.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Feb/14 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/717920 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT211931 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT212147 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.pcre.org/original/changelog.txt | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre | * | |
| apple | macos | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A872F624-E3E1-4213-A77D-782BAB4C0EA6",
"versionEndExcluding": "8.43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2EE75CC-3796-416A-9E58-64788BB89240",
"versionEndExcluding": "11.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454."
},
{
"lang": "es",
"value": "libpcre en PCRE versiones anteriores a 8.43, permite una lectura excesiva del b\u00fafer del asunto en JIT cuando UTF es deshabilitado, y \\X o \\R contiene m\u00e1s de un cuantificador corregido, un problema relacionado con CVE-2019-20454"
}
],
"id": "CVE-2019-20838",
"lastModified": "2024-11-21T04:39:29.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-15T17:15:09.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugs.gentoo.org/717920"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT212147"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugs.gentoo.org/717920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT212147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.pcre.org/original/changelog.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-11 03:29
Modified
2025-04-20 01:37
Severity ?
Summary
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/07/11/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/04/11/1 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/04/12/1 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/99575 | ||
| cve@mitre.org | https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/07/11/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/04/11/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/04/12/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99575 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.41:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4917CD-FA24-46D5-89D2-0E6785BF2CDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression."
},
{
"lang": "es",
"value": "En PCRE versi\u00f3n 8.41, la funci\u00f3n OP_KETRMAX en la funci\u00f3n de coincidencia en el archivo pcre_exec.c permite el agotamiento de la pila (recursi\u00f3n no controlada) cuando se procesa una expresi\u00f3n regular creada."
}
],
"id": "CVE-2017-11164",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-11T03:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/07/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2023/04/11/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2023/04/12/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/99575"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/07/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/04/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/04/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/99575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-13 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2016-2750.html | Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2015/06/01/7 | Mailing List | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2015/12/02/11 | Mailing List | |
| secalert@redhat.com | http://www.securityfocus.com/bid/74934 | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:1132 | Third Party Advisory | |
| secalert@redhat.com | https://bugs.exim.org/show_bug.cgi?id=1636 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-2750.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/06/01/7 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/12/02/11 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74934 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1132 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=1636 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre2:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E64C5505-F782-443F-944C-AC17B8468406",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F6876A94-2609-41CE-975E-F1ADAE1BD782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA3CC4F-1797-46D8-8C3D-0605E71C5EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*",
"matchCriteriaId": "909CD13B-E836-4EBF-9433-55B4EFFE2DC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*",
"matchCriteriaId": "EF43E164-05C2-42A8-82CA-D1B643875C2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P\u003cB\u003ec)(?P\u003cB\u003ea(?P=B)))\u003eWGXCREDITS)/, a different vulnerability than CVE-2015-8384."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en PCRE 8.34 hasta la versi\u00f3n 8.37 y PCRE2 10.10 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una expresi\u00f3n regular manipulada, seg\u00fan lo demostrado por /^(?P=B)((?P=B)(?J:(?P\n\u003cb\u003ec)(?P\u003cb\u003ea(?P=B)))\u003eWGXCREDITS)/, una vulnerabilidad diferente a CVE-2015-8384.\u003c/b\u003e\u003c/b\u003e"
}
],
"id": "CVE-2015-3210",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-13T16:59:00.187",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74934"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/01/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1636"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-16 11:59
Modified
2025-04-20 01:37
Severity ?
Summary
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/96295 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1037850 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| cve@mitre.org | https://bugs.exim.org/show_bug.cgi?id=2035 | Issue Tracking, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
| cve@mitre.org | https://security.gentoo.org/glsa/201706-11 | ||
| cve@mitre.org | https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96295 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037850 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=2035 | Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201706-11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch | Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67B7289A-D5A8-4246-A98E-4B7F1F8A9AFC",
"versionEndIncluding": "8.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression."
},
{
"lang": "es",
"value": "La funci\u00f3n compile_bracket_matchingpath en pcre_jit_compile.c en PCRE hasta la versi\u00f3n 8.x en versiones anteriores a la revisi\u00f3n 1680 (por ejemplo, la versi\u00f3n empacada de PHP 7.1.1) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una expresi\u00f3n regular manipulada."
}
],
"id": "CVE-2017-6004",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-16T11:59:00.147",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96295"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037850"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2035"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201706-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201706-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-02 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-1025.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-2750.html | ||
| cve@mitre.org | http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup | Exploit | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | ||
| cve@mitre.org | http://www.fortiguard.com/advisory/FG-VD-15-014/ | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/11/29/1 | Third Party Advisory | |
| cve@mitre.org | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/74924 | ||
| cve@mitre.org | https://bugs.exim.org/show_bug.cgi?id=1515 | Exploit | |
| cve@mitre.org | https://jira.mongodb.org/browse/SERVER-17252 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-1025.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-2750.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/advisory/FG-VD-15-014/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/11/29/1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74924 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=1515 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jira.mongodb.org/browse/SERVER-17252 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E109BA49-3C0C-471D-A71B-C3938479625D",
"versionEndIncluding": "8.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
},
{
"lang": "es",
"value": "PCRE en versiones anteriores a 8.36 no maneja correctamente el patr\u00f3n /((?(R)a|(?1)))+/ y patrones relacionados con cierta recursi\u00f3n, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de una expresi\u00f3n regular manipulada, seg\u00fan lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror."
}
],
"id": "CVE-2015-2328",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-12-02T01:59:01.880",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.fortiguard.com/advisory/FG-VD-15-014/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74924"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1515"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://jira.mongodb.org/browse/SERVER-17252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.fortiguard.com/advisory/FG-VD-15-014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/29/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jira.mongodb.org/browse/SERVER-17252"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-13 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2016-1025.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2016-2750.html | ||
| secalert@redhat.com | http://vcs.pcre.org/pcre?view=revision&revision=1566 | Patch | |
| secalert@redhat.com | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2015/06/03/7 | Mailing List | |
| secalert@redhat.com | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/75018 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:1132 | ||
| secalert@redhat.com | https://bugs.exim.org/show_bug.cgi?id=1638 | Exploit, Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1228283 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-1025.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-2750.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://vcs.pcre.org/pcre?view=revision&revision=1566 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/06/03/7 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75018 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1132 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=1638 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1228283 | Issue Tracking |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre2:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E64C5505-F782-443F-944C-AC17B8468406",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "880F4520-1DD8-4423-B0E0-B3783F971167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.32:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE5EE9A-0FA0-4851-8AF3-D884B88B2E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.33:*:*:*:*:*:*:*",
"matchCriteriaId": "5A61CB8C-6504-4602-91A5-C1595C12F6AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F6876A94-2609-41CE-975E-F1ADAE1BD782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA3CC4F-1797-46D8-8C3D-0605E71C5EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*",
"matchCriteriaId": "909CD13B-E836-4EBF-9433-55B4EFFE2DC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*",
"matchCriteriaId": "EF43E164-05C2-42A8-82CA-D1B643875C2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161594FF-0DF8-43C8-B532-EBB20228023D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0744845-0230-47E7-866A-0880832B31C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/."
},
{
"lang": "es",
"value": "PCRE 7.8 y 8.32 hasta la versi\u00f3n 8.37 y PCRE2 10.10 no maneja adecuadamente las partidas de grupo vac\u00edas, lo que podr\u00edan permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (desbordamientos de b\u00fafer basado en pila) a trav\u00e9s de una expresi\u00f3n regular manipulada, seg\u00fan lo demostrado por /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/."
}
],
"id": "CVE-2015-3217",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-13T16:59:02.220",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75018"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1638"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/03/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-23 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97067 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| cve@mitre.org | https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/ | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://security.gentoo.org/glsa/201710-25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97067 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-25 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6BFAB169-4364-4D71-B0A8-2831D0A4D5F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n pcre32_copy_substring en pcre_get.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (WRITE de tama\u00f1o 268) o posiblemente tener otro impacto no especificado a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2017-7246",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T21:59:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-25"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-14 21:46
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| secalert@redhat.com | http://lists.vmware.com/pipermail/security-announce/2008/000005.html | ||
| secalert@redhat.com | http://lists.vmware.com/pipermail/security-announce/2008/000014.html | ||
| secalert@redhat.com | http://scary.beasts.org/security/CESA-2007-006.html | ||
| secalert@redhat.com | http://secunia.com/advisories/27582 | Patch | |
| secalert@redhat.com | http://secunia.com/advisories/27741 | ||
| secalert@redhat.com | http://secunia.com/advisories/27773 | ||
| secalert@redhat.com | http://secunia.com/advisories/27776 | ||
| secalert@redhat.com | http://secunia.com/advisories/28027 | ||
| secalert@redhat.com | http://secunia.com/advisories/28041 | ||
| secalert@redhat.com | http://secunia.com/advisories/28050 | ||
| secalert@redhat.com | http://secunia.com/advisories/28406 | ||
| secalert@redhat.com | http://secunia.com/advisories/28414 | ||
| secalert@redhat.com | http://secunia.com/advisories/28658 | ||
| secalert@redhat.com | http://secunia.com/advisories/28714 | ||
| secalert@redhat.com | http://secunia.com/advisories/28720 | ||
| secalert@redhat.com | http://secunia.com/advisories/29032 | ||
| secalert@redhat.com | http://secunia.com/advisories/29085 | ||
| secalert@redhat.com | http://secunia.com/advisories/29785 | ||
| secalert@redhat.com | http://secunia.com/advisories/30106 | ||
| secalert@redhat.com | http://secunia.com/advisories/30155 | ||
| secalert@redhat.com | http://secunia.com/advisories/30219 | ||
| secalert@redhat.com | http://secunia.com/advisories/31124 | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200802-10.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | ||
| secalert@redhat.com | http://www.debian.org/security/2008/dsa-1570 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| secalert@redhat.com | http://www.pcre.org/changelog.txt | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1059.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1063.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1065.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1068.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1076.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1077.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0546.html | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/488457/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/490917/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/26462 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0637 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/1234/references | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=383371 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000014.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://scary.beasts.org/security/CESA-2007-006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27582 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27773 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27776 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28027 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28406 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28658 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28714 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29032 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29085 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29785 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30155 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31124 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-30.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-02.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-18.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200802-10.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200805-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pcre.org/changelog.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1059.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1063.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1065.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1068.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1076.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0546.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/488457/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/490917/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26462 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0637 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1234/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=383371 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03C81A67-7297-4B87-956F-D61E11FEB9F4",
"versionEndIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."
},
{
"lang": "es",
"value": "Desbordamiento de entero en librer\u00eda Perl-Compatible Regular Expression (PCRE) anterior a 6.7 podr\u00eda permitir a atacantes locales o remotos (dependiendo del contexto) ejecutar c\u00f3digo de su elecci\u00f3n mediante una expresi\u00f3n regular que involucra grandes valores (1) min, (2) max, o (3) duplength que provocan un c\u00e1lculo incorrecto de la longitud y disparan un desbordamiento de b\u00fafer, una vulnerabilidad diferente de CVE-2006-7227. NOTA: este problema estaba incluido originalmente en CVE-2006-7224, pero ese CVE ha sido rechazado y dividido."
}
],
"id": "CVE-2006-7228",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-14T21:46:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"source": "secalert@redhat.com",
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/27582"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27776"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28027"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28041"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28050"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28658"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29032"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29085"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29785"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31124"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200802-10.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/26462"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/0637"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/27582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200802-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1234/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-17 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@debian.org | http://rhn.redhat.com/errata/RHSA-2016-1025.html | ||
| security@debian.org | http://vcs.pcre.org/pcre2?view=revision&revision=489 | ||
| security@debian.org | http://vcs.pcre.org/pcre?view=revision&revision=1631 | ||
| security@debian.org | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | ||
| security@debian.org | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | ||
| security@debian.org | http://www.securityfocus.com/bid/84810 | ||
| security@debian.org | https://access.redhat.com/errata/RHSA-2016:1132 | ||
| security@debian.org | https://bto.bluecoat.com/security-advisory/sa128 | ||
| security@debian.org | https://bugs.debian.org/815920 | ||
| security@debian.org | https://bugs.debian.org/815921 | ||
| security@debian.org | https://bugs.exim.org/show_bug.cgi?id=1791 | Exploit | |
| security@debian.org | https://bugzilla.redhat.com/show_bug.cgi?id=1311503 | ||
| security@debian.org | https://www.tenable.com/security/tns-2016-18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-1025.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://vcs.pcre.org/pcre2?view=revision&revision=489 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://vcs.pcre.org/pcre?view=revision&revision=1631 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/84810 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1132 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bto.bluecoat.com/security-advisory/sa128 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/815920 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/815921 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=1791 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1311503 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2016-18 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre | 8.00 | |
| pcre | pcre | 8.01 | |
| pcre | pcre | 8.02 | |
| pcre | pcre | 8.10 | |
| pcre | pcre | 8.11 | |
| pcre | pcre | 8.12 | |
| pcre | pcre | 8.13 | |
| pcre | pcre | 8.20 | |
| pcre | pcre | 8.21 | |
| pcre | pcre | 8.30 | |
| pcre | pcre | 8.31 | |
| pcre | pcre | 8.32 | |
| pcre | pcre | 8.33 | |
| pcre | pcre | 8.34 | |
| pcre | pcre | 8.35 | |
| pcre | pcre | 8.36 | |
| pcre | pcre | 8.37 | |
| pcre | pcre | 8.38 | |
| pcre | pcre2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BE157F38-24DB-4B12-9964-F514A303C294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F80172-754F-4FB1-9E84-F8EC1A6B0EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C109C2A1-BF9D-48CB-A027-82F3F3FA261B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A8DB81-0B55-4E50-A149-C1E82BDAD0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D96300-9CEF-4F64-A76F-11B1AB312579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "61D64759-714E-47D8-B578-CCE4B59086EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC08805-B9FC-4D8B-B486-813E4398DBBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD12533-1D1E-4931-B687-CBC0A17DBF3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2768BD-07FF-4C8C-8370-E84AE8D0707A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C9BE45-3F45-4F46-9C15-86AA2CD3F2E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0CD596-3719-425E-9327-8DEE38AB138B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.32:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE5EE9A-0FA0-4851-8AF3-D884B88B2E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.33:*:*:*:*:*:*:*",
"matchCriteriaId": "5A61CB8C-6504-4602-91A5-C1595C12F6AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F6876A94-2609-41CE-975E-F1ADAE1BD782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA3CC4F-1797-46D8-8C3D-0605E71C5EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.36:*:*:*:*:*:*:*",
"matchCriteriaId": "909CD13B-E836-4EBF-9433-55B4EFFE2DC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.37:*:*:*:*:*:*:*",
"matchCriteriaId": "EF43E164-05C2-42A8-82CA-D1B643875C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre:8.38:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD39B35-C14D-4044-A050-660FE4EE6AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B739148-6299-4DD1-BDE5-608BDF01A44F",
"versionEndIncluding": "10.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
},
{
"lang": "es",
"value": "La funci\u00f3n compile_branch en pcre_compile.c en PCRE 8.x en versiones anteriores a 8.39 y pcre2_compile.c en PCRE2 en versiones anteriores a 10.22 no maneja correctamente patrones que contienen una subcadena (*ACCEPT) en conjunci\u00f3n con par\u00e9ntesis anidados, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en pila) a trav\u00e9s de una expresi\u00f3n regular manipuada, seg\u00fan lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror, tambi\u00e9n conocido como ZDI-CAN-3542."
}
],
"id": "CVE-2016-3191",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-17T23:59:01.447",
"references": [
{
"source": "security@debian.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "security@debian.org",
"url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
},
{
"source": "security@debian.org",
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
},
{
"source": "security@debian.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "security@debian.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/84810"
},
{
"source": "security@debian.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "security@debian.org",
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"source": "security@debian.org",
"url": "https://bugs.debian.org/815920"
},
{
"source": "security@debian.org",
"url": "https://bugs.debian.org/815921"
},
{
"source": "security@debian.org",
"tags": [
"Exploit"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1791"
},
{
"source": "security@debian.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
},
{
"source": "security@debian.org",
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/84810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/815920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/815921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/tns-2016-18"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-18 23:00
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news | ||
| secalert@redhat.com | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | ||
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html | ||
| secalert@redhat.com | http://pcre.org/changelog.txt | ||
| secalert@redhat.com | http://secunia.com/advisories/28923 | ||
| secalert@redhat.com | http://secunia.com/advisories/28957 | ||
| secalert@redhat.com | http://secunia.com/advisories/28960 | ||
| secalert@redhat.com | http://secunia.com/advisories/28985 | ||
| secalert@redhat.com | http://secunia.com/advisories/28996 | ||
| secalert@redhat.com | http://secunia.com/advisories/29027 | ||
| secalert@redhat.com | http://secunia.com/advisories/29048 | ||
| secalert@redhat.com | http://secunia.com/advisories/29175 | ||
| secalert@redhat.com | http://secunia.com/advisories/29267 | ||
| secalert@redhat.com | http://secunia.com/advisories/29282 | ||
| secalert@redhat.com | http://secunia.com/advisories/30048 | ||
| secalert@redhat.com | http://secunia.com/advisories/30345 | ||
| secalert@redhat.com | http://secunia.com/advisories/31326 | ||
| secalert@redhat.com | http://secunia.com/advisories/32222 | ||
| secalert@redhat.com | http://secunia.com/advisories/32746 | ||
| secalert@redhat.com | http://secunia.com/advisories/36096 | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200803-24.xml | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200811-05.xml | ||
| secalert@redhat.com | http://support.apple.com/kb/HT3216 | ||
| secalert@redhat.com | http://support.apple.com/kb/HT3757 | ||
| secalert@redhat.com | http://wiki.rpath.com/Advisories:rPSA-2008-0086 | ||
| secalert@redhat.com | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086 | ||
| secalert@redhat.com | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176 | ||
| secalert@redhat.com | http://www.debian.org/security/2008/dsa-1499 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:053 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2008/05/02/2 | ||
| secalert@redhat.com | http://www.php.net/ChangeLog-5.php | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/488927/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/492535/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/27786 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/29009 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/31681 | ||
| secalert@redhat.com | http://www.securitytracker.com/id?1022674 | ||
| secalert@redhat.com | http://www.us-cert.gov/cas/techalerts/TA09-218A.html | US Government Resource | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0570 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0592 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/1412 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/2268 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/2780 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2172 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=431660 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/40505 | ||
| secalert@redhat.com | https://issues.rpath.com/browse/RPL-2223 | ||
| secalert@redhat.com | https://issues.rpath.com/browse/RPL-2503 | ||
| secalert@redhat.com | https://usn.ubuntu.com/581-1/ | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://pcre.org/changelog.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28923 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28957 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28960 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28985 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28996 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29027 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29048 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29267 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29282 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30048 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30345 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31326 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32222 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32746 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36096 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200803-24.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200811-05.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3216 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3757 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2008-0086 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1499 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:053 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/05/02/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.php.net/ChangeLog-5.php | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/488927/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/492535/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27786 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29009 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31681 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022674 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-218A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0592 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1412 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2268 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2780 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2172 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=431660 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/40505 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-2223 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-2503 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/581-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F951194-3ECA-4CDA-8363-010C9E1D9785",
"versionEndIncluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en PCRE antes de 7.6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una expresi\u00f3n regular que contiene un car\u00e1cter class con un n\u00famero grande de caracteres con puntos de c\u00f3digo Unicode mayores de 255."
}
],
"id": "CVE-2008-0674",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-18T23:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"source": "secalert@redhat.com",
"url": "http://pcre.org/changelog.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28923"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28957"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28960"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28985"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28996"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29027"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29048"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29175"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29282"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30048"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30345"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32222"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32746"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/36096"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200803-24.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT3216"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT3757"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0086"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1499"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:053"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/488927/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/27786"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/29009"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1022674"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/0570"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/0592"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/2172"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40505"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-2223"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/581-1/"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pcre.org/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200803-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/488927/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/581-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of PCRE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2008-02-20T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-07 23:41
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://bugs.gentoo.org/show_bug.cgi?id=228091 | Exploit, Issue Tracking | |
| secalert@redhat.com | http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes | Third Party Advisory | |
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | Mailing List | |
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | Mailing List | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=124654546101607&w=2 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=124654546101607&w=2 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=125631037611762&w=2 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=125631037611762&w=2 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/30916 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/30944 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/30945 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/30958 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/30961 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/30967 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/30972 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/30990 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/31200 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/32222 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/32454 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/32746 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/35074 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/35650 | Not Applicable | |
| secalert@redhat.com | http://secunia.com/advisories/39300 | Not Applicable | |
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200811-05.xml | Third Party Advisory | |
| secalert@redhat.com | http://support.apple.com/kb/HT3216 | Third Party Advisory | |
| secalert@redhat.com | http://support.apple.com/kb/HT3549 | Third Party Advisory | |
| secalert@redhat.com | http://ubuntu.com/usn/usn-624-2 | Third Party Advisory | |
| secalert@redhat.com | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305 | Broken Link, Third Party Advisory | |
| secalert@redhat.com | http://www.debian.org/security/2008/dsa-1602 | Third Party Advisory | |
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml | Third Party Advisory | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:147 | Broken Link, Third Party Advisory | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 | Broken Link, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/archive/1/497828/100/0/threaded | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securityfocus.com/bid/30087 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securityfocus.com/bid/31681 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.ubuntu.com/usn/usn-624-1 | Third Party Advisory | |
| secalert@redhat.com | http://www.ubuntu.com/usn/usn-628-1 | Third Party Advisory | |
| secalert@redhat.com | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory, US Government Resource | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/2005 | Permissions Required, Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/2006 | Permissions Required, Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/2336 | Permissions Required, Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/2780 | Permissions Required, Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1297 | Permissions Required, Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0833 | Permissions Required, Third Party Advisory | |
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html | Third Party Advisory | |
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=228091 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=124654546101607&w=2 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=124654546101607&w=2 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=125631037611762&w=2 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=125631037611762&w=2 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30916 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30944 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30945 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30958 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30961 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30967 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30972 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30990 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31200 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32222 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32454 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32746 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35074 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35650 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39300 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200811-05.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3216 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3549 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ubuntu.com/usn/usn-624-2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1602 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:147 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/497828/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30087 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31681 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-624-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-628-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2005 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2006 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2336 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2780 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1297 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0833 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pcre | pcre | 7.7 | |
| php | php | * | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 9.10 | |
| fedoraproject | fedora | 8 | |
| fedoraproject | fedora | 9 | |
| opensuse | opensuse | 10.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "02EE6AD6-3A1D-4D53-83DB-C5FA6598FC03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C110295-EB1A-4B94-B252-B1062A51E864",
"versionEndIncluding": "5.2.7",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
"matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
"matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en pcre_compile.c en la biblioteca Perl-Compatible Regular Expression (PCRE) 7.7, permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) o la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de expresiones regulares que comienzan con un opci\u00f3n y contienen m\u00faltiples ramas."
}
],
"id": "CVE-2008-2371",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-07T23:41:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=228091"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30916"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30944"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30945"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30958"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30961"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30967"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30972"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30990"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/31200"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/32222"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/32454"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/32746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/35650"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/39300"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://ubuntu.com/usn/usn-624-2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1602"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/497828/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30087"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-624-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2005"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2006"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2336"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0833"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=228091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/30990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/31200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/32222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/32454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/32746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/35650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/39300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://ubuntu.com/usn/usn-624-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/497828/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-624-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of PCRE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2008-07-08T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 15:59
Modified
2024-11-21 03:16
Severity ?
Summary
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Dec/33 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/11/01/11 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/11/01/3 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/11/01/7 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/11/01/8 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/101688 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.exim.org/show_bug.cgi?id=2047 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Dec/33 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/11/01/11 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/11/01/3 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/11/01/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/11/01/8 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101688 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=2047 | Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.41:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4917CD-FA24-46D5-89D2-0E6785BF2CDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used"
},
{
"lang": "es",
"value": "** EN DISPUTA ** En PCRE 8.41, tras la compilaci\u00f3n, una prueba de concepto de carga pcrtest produce un desbordamiento de cierre en la funci\u00f3n match() en pcre_exec.c debido a una llamada autorecursiva. NOTA: los terceros discuten la relevancia de este informe, indicando que hay opciones que pueden emplearse para limitar la cantidad de pila que se emplea."
}
],
"id": "CVE-2017-16231",
"lastModified": "2024-11-21T03:16:05.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-03-21T15:59:56.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/33"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101688"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/01/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2047"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| secalert@redhat.com | http://scary.beasts.org/security/CESA-2007-006.html | ||
| secalert@redhat.com | http://secunia.com/advisories/27582 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/27773 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/27869 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/28658 | Vendor Advisory | |
| secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| secalert@redhat.com | http://www.pcre.org/changelog.txt | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-1052.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/26462 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11615 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://scary.beasts.org/security/CESA-2007-006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27582 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27773 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27869 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28658 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pcre.org/changelog.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-1052.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26462 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11615 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C79718A-3ECF-4A5B-8C4D-B3458521248B",
"versionEndIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."
}
],
"id": "CVE-2005-4872",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27582"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27773"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27869"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28658"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/26462"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pcre.org/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11615"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-11 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git%3Ba=commit%3Bh=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062107.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/45122 | Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/05/26/1 | Mailing List, Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/47800 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=709088 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git%3Ba=commit%3Bh=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062107.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45122 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/05/26/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47800 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=709088 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oneidentity | syslog-ng | * | |
| pcre | pcre | 8.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D687E9AB-E8DA-4428-9409-AD2FE2B05738",
"versionEndExcluding": "3.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "61D64759-714E-47D8-B578-CCE4B59086EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression."
},
{
"lang": "es",
"value": "lib/logmatcher.c en Balabit syslog-ng anterior a v3.2.4, cuando la bandera global est\u00e1 habilitada y cuando usa PCRE v8.12 y posiblemente otras versiones, permite a atacantes remotos provocar una denegaci\u00f3n de servicio(consumo de memoria) a trav\u00e9s de un mensaje que no coincide con una expresi\u00f3n regular."
}
],
"id": "CVE-2011-1951",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-11T20:55:01.207",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git%3Ba=commit%3Bh=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062107.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/05/26/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/47800"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git%3Ba=commit%3Bh=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062107.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/05/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/47800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709088"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 00:59
Modified
2025-04-20 01:37
Severity ?
Summary
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97030 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| cve@mitre.org | https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/ | Patch, Third Party Advisory | |
| cve@mitre.org | https://bugs.exim.org/show_bug.cgi?id=2052 | Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201710-09 | ||
| cve@mitre.org | https://security.gentoo.org/glsa/201710-25 | ||
| cve@mitre.org | https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date | Patch | |
| cve@mitre.org | https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date | Patch | |
| cve@mitre.org | https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date | Patch | |
| cve@mitre.org | https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97030 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.exim.org/show_bug.cgi?id=2052 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-09 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-25 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date | Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pcre:pcre:8.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6BFAB169-4364-4D71-B0A8-2831D0A4D5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pcre:pcre2:10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B80479DA-16D6-47A1-88AF-55B5C821BDEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup."
},
{
"lang": "es",
"value": "Libpcre1 en PCRE 8.40 y libpcre2 en PCRE2 10.23 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (infracci\u00f3n de segmentaci\u00f3n para acceso de lectura y ca\u00edda de aplicaci\u00f3n) al activar una b\u00fasqueda de propiedad Unicode no v\u00e1lida."
}
],
"id": "CVE-2017-7186",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T00:59:00.190",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/97030"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2052"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-09"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-25"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=2052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}