Published: 07/11/2007 Updated: 16/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Pcre

Perl-Compatible Regular Expression (PCRE) library prior to 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pcre pcre

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application’s p ...

Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library The PCRE library has been updated to fix the security issues reported against it in pre ...

Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions Version 70 of the PCRE library featured a major rewrite of the regular expression compiler, and i ...

CWE-119 http://www.debian.org/security/2007/dsa-1399 http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html https://issues.rpath.com/browse/RPL-1738 http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm http://security.gentoo.org/glsa/glsa-200711-30.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 http://www.mandriva.com/security/advisories?name=MDKSA-2007:212 http://www.mandriva.com/security/advisories?name=MDKSA-2007:213 http://www.redhat.com/support/errata/RHSA-2007-0967.html http://www.redhat.com/support/errata/RHSA-2007-0968.html http://www.redhat.com/support/errata/RHSA-2007-1063.html http://www.redhat.com/support/errata/RHSA-2007-1065.html http://www.novell.com/linux/security/advisories/2007_62_pcre.html http://www.novell.com/linux/security/advisories/2007_25_sr.html http://www.securityfocus.com/bid/26346 http://securitytracker.com/id?1018895 http://secunia.com/advisories/27598 http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27547 http://secunia.com/advisories/27554 http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/27697 http://secunia.com/advisories/27862 http://secunia.com/advisories/27776 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://secunia.com/advisories/27965 http://secunia.com/advisories/28136 http://bugs.gentoo.org/show_bug.cgi?id=198976 http://security.gentoo.org/glsa/glsa-200801-02.xml http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://security.gentoo.org/glsa/glsa-200801-18.xml http://security.gentoo.org/glsa/glsa-200801-19.xml http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://secunia.com/advisories/28658 http://secunia.com/advisories/28714 http://secunia.com/advisories/28720 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://secunia.com/advisories/29785 http://security.gentoo.org/glsa/glsa-200805-11.xml http://secunia.com/advisories/30155 http://secunia.com/advisories/30219 http://www.redhat.com/support/errata/RHSA-2008-0546.html http://secunia.com/advisories/31124 https://bugzilla.redhat.com/show_bug.cgi?id=315881 http://secunia.com/advisories/30106 http://www.debian.org/security/2008/dsa-1570 http://www.vupen.com/english/advisories/2007/4238 http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/1234/references http://www.vupen.com/english/advisories/2007/3725 http://www.vupen.com/english/advisories/2007/3790 http://docs.info.apple.com/article.html?artnum=307562 http://docs.info.apple.com/article.html?artnum=307179 https://exchange.xforce.ibmcloud.com/vulnerabilities/38273 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562 https://usn.ubuntu.com/547-1/http://www.securityfocus.com/archive/1/490917/100/0/threaded http://www.securityfocus.com/archive/1/483579/100/0/threaded http://www.securityfocus.com/archive/1/483357/100/0/threaded https://usn.ubuntu.com/547-1/https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook