CVE-2007-1659

Published: 07/11/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.

Vulnerable Product

pcre pcre

Vendor Advisories

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application’s p ...
Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in pre ...
Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions. Version 7.0 of the PCRE library featured a major rewrite of the regular expression compiler, and i ...

References

CWE-119