CVE-2007-1661 - Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certai

CVE-2007-1661

Summary

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

References

Vulnerable Configurations

cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.0:*:*:*:*:*:*:*
cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.0:*:*:*:*:*:*:*
cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.1:*:*:*:*:*:*:*
cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.1:*:*:*:*:*:*:*
cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.2:*:*:*:*:*:*:*
cpe:2.3:a:pcre:perl-compatible_regular_expression_library:7.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 16-10-2018 - 16:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:P

refmap via4

apple	APPLE-SA-2007-12-17 APPLE-SA-2008-03-18
bid	26346
bugtraq	20071106 rPSA-2007-0231-1 pcre 20071112 FLEA-2007-0064-1 pcre
cert	TA07-352A
confirm	http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://www.pcre.org/changelog.txt https://issues.rpath.com/browse/RPL-1738
debian	DSA-1399 DSA-1570
fedora	FEDORA-2008-1842
gentoo	GLSA-200711-30 GLSA-200801-02 GLSA-200801-18 GLSA-200801-19 GLSA-200805-11
mandriva	MDKSA-2007:211
misc	http://bugs.gentoo.org/show_bug.cgi?id=198976
mlist	[gtk-devel-list] 20071107 GLib 2.14.3
secunia	27538 27543 27554 27697 27741 27773 28136 28406 28414 28714 28720 29267 29420 30106 30155 30219
suse	SUSE-SA:2007:062
ubuntu	USN-547-1
vupen	ADV-2007-3725 ADV-2007-3790 ADV-2007-4238 ADV-2008-0924
xf	pcre-nonutf8-dos(38274)

Last major update

16-10-2018 - 16:39

Published

07-11-2007 - 23:46

Last modified

16-10-2018 - 16:39