Vulnerability Name: CVE-2006-7228 (CCN-38581)
Assigned: 2007-11-07
Published: 2007-11-07
Updated: 2023-02-13
Summary: Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. Note: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-190
Vulnerability Consequences: Gain Access
References:
Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com
Source: MITRE Type: CNA CVE-2006-7228
Source: CCN Type: VMware Security-Announce Mailing List, Thu Feb 21 11:00:48 PST 2008 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
Source: CCN Type: RHSA-2007-1059 Important: pcre security update
Source: CCN Type: RHSA-2007-1063 Important: pcre security update
Source: CCN Type: RHSA-2007-1065 Moderate: pcre security update
Source: CCN Type: RHSA-2007-1068 Important: pcre security update
Source: CCN Type: RHSA-2007-1076 Moderate: python security update
Source: CCN Type: RHSA-2007-1077 Moderate: python security update
Source: CCN Type: RHSA-2008-0546 Moderate: php security update
Source: CCN Type: CESA-2007-006 - rev 1 pcre integer / buffer overflows
Source: CCN Type: SA27582 PCRE Regex Parsing Multiple Vulnerabilities
Source: CCN Type: SA28041 Avaya Products PCRE Multiple Vulnerabilities
Source: CCN Type: SA28414 R PCRE Multiple Vulnerabilities
Source: CCN Type: SA29785 VMware ESX Server Multiple Security Updates
Source: CCN Type: SA30155 Chicken PCRE Buffer Overflow Vulnerability
Source: CCN Type: ASA-2007-504 PCRE security update (RHSA-2007-1063)
Source: CCN Type: ASA-2007-505 PCRE security update (RHSA-2007-1068)
Source: CCN Type: ASA-2008-001 pcre security update (RHSA-2007-1065)
Source: CCN Type: ASA-2008-017 python security update (RHSA-2007-1077)
Source: CCN Type: ASA-2008-325 php security update (RHSA-2008-0546)
Source: DEBIAN Type: DSA-1570 kazehakase -- various
Source: CCN Type: GLSA-200711-30 PCRE: Multiple vulnerabilities
Source: CCN Type: GLSA-200801-02 R: Multiple vulnerabilities
Source: CCN Type: GLSA-200801-18 Kazehakase: Multiple vulnerabilities
Source: CCN Type: GLSA-200802-10 Python: PCRE Integer overflow
Source: CCN Type: GLSA-200805-11 Chicken: Multiple vulnerabilities
Source: CCN Type: PCRE Web site PCRE - Perl Compatible Regular Expressions
Source: CCN Type: BID-26462 PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
Source: XF Type: UNKNOWN pcre-regex-minmaxduplength-overflow(38581)
Source: SUSE Type: SUSE-SA:2007:062 pcre security problems
Source: SUSE Type: SUSE-SA:2008:004 php5 php4 Security Problems
Vulnerable Configuration: Configuration RedHat 1: