ID CVE-2007-4767
Summary Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-10-2018 - 21:37)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
apple
  • APPLE-SA-2007-12-17
  • APPLE-SA-2008-03-18
bid 26346
bugtraq
  • 20071106 rPSA-2007-0231-1 pcre
  • 20071112 FLEA-2007-0064-1 pcre
cert TA07-352A
confirm
debian
  • DSA-1399
  • DSA-1570
fedora FEDORA-2008-1842
gentoo
  • GLSA-200711-30
  • GLSA-200801-02
  • GLSA-200801-18
  • GLSA-200801-19
  • GLSA-200805-11
mandriva MDKSA-2007:211
misc http://bugs.gentoo.org/show_bug.cgi?id=198976
mlist [gtk-devel-list] 20071107 GLib 2.14.3
secunia
  • 27538
  • 27543
  • 27554
  • 27697
  • 27741
  • 27773
  • 28136
  • 28406
  • 28414
  • 28714
  • 28720
  • 29267
  • 29420
  • 30106
  • 30155
  • 30219
suse SUSE-SA:2007:062
ubuntu USN-547-1
vupen
  • ADV-2007-3725
  • ADV-2007-3790
  • ADV-2007-4238
  • ADV-2008-0924
xf pcre-p-sequence-bo(38277)
Last major update 15-10-2018 - 21:37
Published 07-11-2007 - 23:46