ID CVE-2007-4766
Summary Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
References
Vulnerable Configurations
  • cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
    cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-10-2018 - 21:37)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
apple
  • APPLE-SA-2007-12-17
  • APPLE-SA-2008-03-18
bid 26346
bugtraq
  • 20071106 rPSA-2007-0231-1 pcre
  • 20071112 FLEA-2007-0064-1 pcre
cert TA07-352A
confirm
debian
  • DSA-1399
  • DSA-1570
fedora FEDORA-2008-1842
gentoo
  • GLSA-200711-30
  • GLSA-200801-02
  • GLSA-200801-18
  • GLSA-200801-19
  • GLSA-200805-11
mandriva MDKSA-2007:211
misc http://bugs.gentoo.org/show_bug.cgi?id=198976
mlist [gtk-devel-list] 20071107 GLib 2.14.3
secunia
  • 27538
  • 27543
  • 27554
  • 27697
  • 27741
  • 27773
  • 28136
  • 28406
  • 28414
  • 28714
  • 28720
  • 29267
  • 29420
  • 30106
  • 30155
  • 30219
suse SUSE-SA:2007:062
ubuntu USN-547-1
vupen
  • ADV-2007-3725
  • ADV-2007-3790
  • ADV-2007-4238
  • ADV-2008-0924
xf pcre-escape-sequence-overflow(38276)
Last major update 15-10-2018 - 21:37
Published 07-11-2007 - 23:46
Back to Top