Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2007-1661

Published: 07/11/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Perl-compatible Regular Expression Library

Vulnerability Summary

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent malicious users to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

Vulnerable Product Search on Vulmon Subscribe to Product

pcre perl-compatible regular expression library 7.0

pcre perl-compatible regular expression library

pcre perl-compatible regular expression library 7.1

apple mac os x server 10.4.11

apple mac os x 10.4.11

Vendor Advisories

Ubuntu Security Notice: pcre3 vulnerabilities
Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application’s p ...
Debian Security Advisories: DSA-1570-1 kazehakase -- various
Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library The PCRE library has been updated to fix the security issues reported against it in pre ...
Debian Security Advisories: DSA-1399-1 pcre3 -- several vulnerabilities
Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions Version 70 of the PCRE library featured a major rewrite of the regular expression compiler, and i ...

References

NVD-CWE-Otherhttp://www.pcre.org/changelog.txthttp://www.debian.org/security/2007/dsa-1399http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.htmlhttps://issues.rpath.com/browse/RPL-1738http://security.gentoo.org/glsa/glsa-200711-30.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:211http://www.novell.com/linux/security/advisories/2007_62_pcre.htmlhttp://www.securityfocus.com/bid/26346http://secunia.com/advisories/27538http://secunia.com/advisories/27543http://secunia.com/advisories/27554http://secunia.com/advisories/27741http://secunia.com/advisories/27773http://secunia.com/advisories/27697http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-352A.htmlhttp://secunia.com/advisories/28136http://bugs.gentoo.org/show_bug.cgi?id=198976http://security.gentoo.org/glsa/glsa-200801-02.xmlhttp://secunia.com/advisories/28406http://secunia.com/advisories/28414http://security.gentoo.org/glsa/glsa-200801-18.xmlhttp://security.gentoo.org/glsa/glsa-200801-19.xmlhttp://secunia.com/advisories/28714http://secunia.com/advisories/28720https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.htmlhttp://secunia.com/advisories/29267http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlhttp://secunia.com/advisories/29420http://security.gentoo.org/glsa/glsa-200805-11.xmlhttp://secunia.com/advisories/30155http://secunia.com/advisories/30219http://secunia.com/advisories/30106http://www.debian.org/security/2008/dsa-1570http://www.vupen.com/english/advisories/2007/4238http://www.vupen.com/english/advisories/2007/3790http://www.vupen.com/english/advisories/2007/3725http://www.vupen.com/english/advisories/2008/0924/referenceshttp://docs.info.apple.com/article.html?artnum=307562http://docs.info.apple.com/article.html?artnum=307179https://exchange.xforce.ibmcloud.com/vulnerabilities/38274https://usn.ubuntu.com/547-1/http://www.securityfocus.com/archive/1/483579/100/0/threadedhttp://www.securityfocus.com/archive/1/483357/100/0/threadedhttps://usn.ubuntu.com/547-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook