Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2007-4768

Published: 07/11/2007 Updated: 15/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Pcre

Vulnerability Summary

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library prior to 7.3 allows context-dependent malicious users to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

Vulnerable Product Search on Vulmon Subscribe to Product

pcre pcre

Vendor Advisories

Ubuntu Security Notice: pcre3 vulnerabilities
Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application’s p ...
Debian Security Advisories: DSA-1570-1 kazehakase -- various
Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library The PCRE library has been updated to fix the security issues reported against it in pre ...
Debian Security Advisories: DSA-1399-1 pcre3 -- several vulnerabilities
Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions Version 70 of the PCRE library featured a major rewrite of the regular expression compiler, and i ...

References

CWE-119http://www.debian.org/security/2007/dsa-1399http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.htmlhttps://issues.rpath.com/browse/RPL-1738http://security.gentoo.org/glsa/glsa-200711-30.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:211http://www.securityfocus.com/bid/26346http://secunia.com/advisories/27538http://secunia.com/advisories/27543http://secunia.com/advisories/27554http://secunia.com/advisories/27741http://secunia.com/advisories/27697http://www.adobe.com/support/security/bulletins/apsb07-20.htmlhttp://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlhttp://www.redhat.com/support/errata/RHSA-2007-1126.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-352A.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-355A.htmlhttp://securitytracker.com/id?1019116http://secunia.com/advisories/28136http://secunia.com/advisories/28157http://secunia.com/advisories/28161http://bugs.gentoo.org/show_bug.cgi?id=198976http://security.gentoo.org/glsa/glsa-200801-02.xmlhttp://secunia.com/advisories/28406http://secunia.com/advisories/28414http://www.gentoo.org/security/en/glsa/glsa-200801-07.xmlhttp://secunia.com/advisories/28570http://security.gentoo.org/glsa/glsa-200801-18.xmlhttp://security.gentoo.org/glsa/glsa-200801-19.xmlhttp://secunia.com/advisories/28714http://secunia.com/advisories/28720http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.htmlhttp://secunia.com/advisories/28213https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.htmlhttp://secunia.com/advisories/29267http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlhttp://secunia.com/advisories/29420http://www.adobe.com/support/security/bulletins/apsb08-13.htmlhttp://security.gentoo.org/glsa/glsa-200805-11.xmlhttp://secunia.com/advisories/30155http://secunia.com/advisories/30219http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1http://secunia.com/advisories/30507http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1http://secunia.com/advisories/30840http://secunia.com/advisories/30106http://www.debian.org/security/2008/dsa-1570http://www.vupen.com/english/advisories/2007/4238http://www.vupen.com/english/advisories/2007/4258http://www.vupen.com/english/advisories/2008/1966/referenceshttp://www.vupen.com/english/advisories/2008/0924/referenceshttp://www.vupen.com/english/advisories/2008/1724/referenceshttp://www.vupen.com/english/advisories/2007/3725http://www.vupen.com/english/advisories/2007/3790http://docs.info.apple.com/article.html?artnum=307562http://docs.info.apple.com/article.html?artnum=307179https://exchange.xforce.ibmcloud.com/vulnerabilities/38278https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701https://usn.ubuntu.com/547-1/http://www.securityfocus.com/archive/1/483579/100/0/threadedhttp://www.securityfocus.com/archive/1/483357/100/0/threadedhttps://usn.ubuntu.com/547-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook