| Vulnerability Name: | CVE-2007-1661 (CCN-38274) | ||||||||||||||||||||||||||||||||
| Assigned: | 2007-11-05 | ||||||||||||||||||||||||||||||||
| Published: | 2007-11-05 | ||||||||||||||||||||||||||||||||
| Updated: | 2018-10-16 | ||||||||||||||||||||||||||||||||
| Summary: | Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. | ||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
| ||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P) 4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Dec 17 2007 - 15:47:29 CST Apple OS X Software Update Remote Command Execution Source: MISC Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=198976 Source: MITRE Type: CNA CVE-2007-1661 Source: CCN Type: Apple Web site About Security Update 2007-009 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307179 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307562 Source: APPLE Type: UNKNOWN APPLE-SA-2007-12-17 Source: APPLE Type: UNKNOWN APPLE-SA-2008-03-18 Source: MLIST Type: UNKNOWN [gtk-devel-list] 20071107 GLib 2.14.3 Source: SECUNIA Type: Vendor Advisory 27538 Source: CCN Type: SA27543 PCRE Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 27543 Source: SECUNIA Type: Vendor Advisory 27554 Source: SECUNIA Type: Vendor Advisory 27697 Source: SECUNIA Type: Vendor Advisory 27741 Source: SECUNIA Type: Vendor Advisory 27773 Source: CCN Type: SA28136 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 28136 Source: SECUNIA Type: Vendor Advisory 28406 Source: CCN Type: SA28414 R PCRE Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 28414 Source: SECUNIA Type: Vendor Advisory 28714 Source: SECUNIA Type: Vendor Advisory 28720 Source: SECUNIA Type: Vendor Advisory 29267 Source: CCN Type: SA29420 Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 29420 Source: SECUNIA Type: Vendor Advisory 30106 Source: CCN Type: SA30155 Chicken PCRE Buffer Overflow Vulnerability Source: SECUNIA Type: Vendor Advisory 30155 Source: SECUNIA Type: Vendor Advisory 30219 Source: GENTOO Type: UNKNOWN GLSA-200711-30 Source: GENTOO Type: UNKNOWN GLSA-200801-02 Source: GENTOO Type: UNKNOWN GLSA-200801-18 Source: GENTOO Type: UNKNOWN GLSA-200801-19 Source: GENTOO Type: UNKNOWN GLSA-200805-11 Source: DEBIAN Type: Patch DSA-1399 Source: DEBIAN Type: UNKNOWN DSA-1570 Source: DEBIAN Type: DSA-1399 pcre3 -- several vulnerabilities Source: DEBIAN Type: DSA-1570 kazehakase -- various Source: CCN Type: GLSA-200711-30 PCRE: Multiple vulnerabilities Source: CCN Type: GLSA-200801-02 R: Multiple vulnerabilities Source: CCN Type: GLSA-200801-18 Kazehakase: Multiple vulnerabilities Source: CCN Type: GLSA-200801-19 GOffice: Multiple vulnerabilities Source: CCN Type: GLSA-200805-11 Chicken: Multiple vulnerabilities Source: MANDRIVA Type: UNKNOWN MDKSA-2007:211 Source: SUSE Type: UNKNOWN SUSE-SA:2007:062 Source: CCN Type: OSVDB ID: 40761 Perl-Compatible Regular Expression (PCRE) Non-UTF-8 Mode Pattern Matching Information Disclosure Source: CCN Type: PCRE Web site PCRE - Perl Compatible Regular Expressions Source: CONFIRM Type: UNKNOWN http://www.pcre.org/changelog.txt Source: BUGTRAQ Type: UNKNOWN 20071106 rPSA-2007-0231-1 pcre Source: BUGTRAQ Type: UNKNOWN 20071112 FLEA-2007-0064-1 pcre Source: BID Type: UNKNOWN 26346 Source: CCN Type: BID-26346 PCRE Regular Expression Library Multiple Security Vulnerabilities Source: CCN Type: USN-547-1 PCRE vulnerabilities Source: CERT Type: US Government Resource TA07-352A Source: VUPEN Type: UNKNOWN ADV-2007-3725 Source: VUPEN Type: UNKNOWN ADV-2007-3790 Source: VUPEN Type: UNKNOWN ADV-2007-4238 Source: VUPEN Type: UNKNOWN ADV-2008-0924 Source: XF Type: UNKNOWN pcre-nonutf8-dos(38274) Source: XF Type: UNKNOWN pcre-nonutf8-dos(38274) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1738 Source: UBUNTU Type: UNKNOWN USN-547-1 Source: FEDORA Type: UNKNOWN FEDORA-2008-1842 Source: SUSE Type: SUSE-SA:2007:062 pcre security problems | ||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||