ID CVE-2007-1661
Summary Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
References
Vulnerable Configurations
  • pcre Perl-Compatible Regular Expression Library 7.0
    cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.0
  • pcre Perl-Compatible Regular Expression Library 7.1
    cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.1
  • pcre Perl-Compatible Regular Expression Library 7.2
    cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.2
  • Apple Mac OS X 10.4.11
    cpe:2.3:o:apple:mac_os_x:10.4.11
  • Apple Mac OS X Server 10.4.11
    cpe:2.3:o:apple:mac_os_x_server:10.4.11
CVSS
Base: 6.4 (as of 14-08-2013 - 16:53)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-009.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 29723
    published 2007-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29723
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-009)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BFD6EEF48C9411DC8C55001C2514716C.NASL
    description Debian project reports : Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 27814
    published 2007-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27814
    title FreeBSD : pcre -- arbitrary code execution (bfd6eef4-8c94-11dc-8c55-001c2514716c)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-1842.NASL
    description This update re-based pcre to version 7.3 as used in Fedora 8 to address multiple security issues that cause memory corruption, leading to application crash or possible execution of arbitrary code. CVE-2007-1659 (#315871), CVE-2007-1661 (#392931), CVE-2007-1662 (#392921), CVE-2007-4766 (#392891), CVE-2007-4767 (#392901), CVE-2007-4768 (#392911), CVE-2008-0674 (#431660) This issue may affect usages of pcre, where regular expressions from untrusted sources are compiled. Handling of untrusted data using trusted regular expressions is not affected by these problems. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 31363
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31363
    title Fedora 7 : pcre-7.3-3.fc7 (2008-1842)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-211.NASL
    description Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37237
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37237
    title Mandrake Linux Security Advisory : pcre (MDKSA-2007:211)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-30 (PCRE: Multiple vulnerabilities) Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing '\\Q\\E' sequences with unmatched '\\E' codes that can lead to the compiled bytecode being corrupted (CVE-2007-1659). PCRE does not properly calculate sizes for unspecified 'multiple forms of character class', which triggers a buffer overflow (CVE-2007-1660). Further improper calculations of memory boundaries were reported when matching certain input bytes against regex patterns in non UTF-8 mode (CVE-2007-1661) and when searching for unmatched brackets or parentheses (CVE-2007-1662). Multiple integer overflows when processing escape sequences may lead to invalid memory read operations or potentially cause heap-based buffer overflows (CVE-2007-4766). PCRE does not properly handle '\\P' and '\\P{x}' sequences which can lead to heap-based buffer overflows or trigger the execution of infinite loops (CVE-2007-4767), PCRE is also prone to an error when optimizing character classes containing a singleton UTF-8 sequence which might lead to a heap-based buffer overflow (CVE-2007-4768). Chris Evans also reported multiple integer overflow vulnerabilities in PCRE when processing a large number of named subpatterns ('name_count') or long subpattern names ('max_name_size') (CVE-2006-7227), and via large 'min', 'max', or 'duplength' values (CVE-2006-7228) both possibly leading to buffer overflows. Another vulnerability was reported when compiling patterns where the '-x' or '-i' UTF-8 options change within the pattern, which might lead to improper memory calculations (CVE-2006-7230). Impact : An attacker could exploit these vulnerabilities by sending specially crafted regular expressions to applications making use of the PCRE library, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 28319
    published 2007-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28319
    title GLSA-200711-30 : PCRE: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PCRE-4683.NASL
    description Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-4766, CVE-2007-4767)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 28283
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28283
    title openSUSE 10 Security Update : pcre (pcre-4683)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1570.NASL
    description Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32144
    published 2008-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32144
    title Debian DSA-1570-1 : kazehakase - various
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1399.NASL
    description Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions. Version 7.0 of the PCRE library featured a major rewrite of the regular expression compiler, and it was deemed infeasible to backport the security fixes in version 7.3 to the versions in Debian's stable and oldstable distributions (6.7 and 4.5, respectively). Therefore, this update is based on version 7.4 (which includes the security bug fixes of the 7.3 version, plus several regression fixes), with special patches to improve the compatibility with the older versions. As a result, extra care is necessary when applying this update. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1659 Unmatched \Q\E sequences with orphan \E codes can cause the compiled regex to become desynchronized, resulting in corrupt bytecode that may result in multiple exploitable conditions. - CVE-2007-1660 Multiple forms of character classes had their sizes miscalculated on initial passes, resulting in too little memory being allocated. - CVE-2007-1661 Multiple patterns of the form \X?\d or \P{L}?\d in non-UTF-8 mode could backtrack before the start of the string, possibly leaking information from the address space, or causing a crash by reading out of bounds. - CVE-2007-1662 A number of routines can be fooled into reading past the end of a string looking for unmatched parentheses or brackets, resulting in a denial of service. - CVE-2007-4766 Multiple integer overflows in the processing of escape sequences could result in heap overflows or out of bounds reads/writes. - CVE-2007-4767 Multiple infinite loops and heap overflows were discovered in the handling of \P and \P{x} sequences, where the length of these non-standard operations was mishandled. - CVE-2007-4768 Character classes containing a lone unicode sequence were incorrectly optimised, resulting in a heap overflow.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 27629
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27629
    title Debian DSA-1399-1 : pcre3 - several vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-547-1.NASL
    description Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28359
    published 2007-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28359
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : pcre3 vulnerabilities (USN-547-1)
refmap via4
apple
  • APPLE-SA-2007-12-17
  • APPLE-SA-2008-03-18
bid 26346
bugtraq
  • 20071106 rPSA-2007-0231-1 pcre
  • 20071112 FLEA-2007-0064-1 pcre
cert TA07-352A
confirm
debian
  • DSA-1399
  • DSA-1570
fedora FEDORA-2008-1842
gentoo
  • GLSA-200711-30
  • GLSA-200801-02
  • GLSA-200801-18
  • GLSA-200801-19
  • GLSA-200805-11
mandriva MDKSA-2007:211
misc http://bugs.gentoo.org/show_bug.cgi?id=198976
mlist [gtk-devel-list] 20071107 GLib 2.14.3
secunia
  • 27538
  • 27543
  • 27554
  • 27697
  • 27741
  • 27773
  • 28136
  • 28406
  • 28414
  • 28714
  • 28720
  • 29267
  • 29420
  • 30106
  • 30155
  • 30219
suse SUSE-SA:2007:062
ubuntu USN-547-1
vupen
  • ADV-2007-3725
  • ADV-2007-3790
  • ADV-2007-4238
  • ADV-2008-0924
xf pcre-nonutf8-dos(38274)
Last major update 19-08-2013 - 13:02
Published 07-11-2007 - 18:46
Last modified 16-10-2018 - 12:39
Back to Top