ID CVE-2007-1661
Summary Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
References
Vulnerable Configurations
  • cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 16-10-2018 - 16:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:P
refmap via4
apple
  • APPLE-SA-2007-12-17
  • APPLE-SA-2008-03-18
bid 26346
bugtraq
  • 20071106 rPSA-2007-0231-1 pcre
  • 20071112 FLEA-2007-0064-1 pcre
cert TA07-352A
confirm
debian
  • DSA-1399
  • DSA-1570
fedora FEDORA-2008-1842
gentoo
  • GLSA-200711-30
  • GLSA-200801-02
  • GLSA-200801-18
  • GLSA-200801-19
  • GLSA-200805-11
mandriva MDKSA-2007:211
misc http://bugs.gentoo.org/show_bug.cgi?id=198976
mlist [gtk-devel-list] 20071107 GLib 2.14.3
secunia
  • 27538
  • 27543
  • 27554
  • 27697
  • 27741
  • 27773
  • 28136
  • 28406
  • 28414
  • 28714
  • 28720
  • 29267
  • 29420
  • 30106
  • 30155
  • 30219
suse SUSE-SA:2007:062
ubuntu USN-547-1
vupen
  • ADV-2007-3725
  • ADV-2007-3790
  • ADV-2007-4238
  • ADV-2008-0924
xf pcre-nonutf8-dos(38274)
Last major update 16-10-2018 - 16:39
Published 07-11-2007 - 23:46
Last modified 16-10-2018 - 16:39