| Vulnerability Name: | CVE-2007-4768 (CCN-38278) | ||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2007-11-05 | ||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2007-11-05 | ||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2018-10-15 | ||||||||||||||||||||||||||||||||||||||||||||
| Summary: | Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | ||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Dec 17 2007 - 15:47:29 CST Apple OS X Software Update Remote Command Execution Source: MISC Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=198976 Source: MITRE Type: CNA CVE-2007-4768 Source: CCN Type: Apple Web site About Security Update 2007-009 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307179 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307562 Source: APPLE Type: UNKNOWN APPLE-SA-2007-12-17 Source: APPLE Type: UNKNOWN APPLE-SA-2008-03-18 Source: SUSE Type: UNKNOWN SUSE-SA:2007:069 Source: MLIST Type: UNKNOWN [gtk-devel-list] 20071107 GLib 2.14.3 Source: CCN Type: RHSA-2007-1126 Critical: flash-plugin security update Source: SECUNIA Type: UNKNOWN 27538 Source: CCN Type: SA27543 PCRE Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 27543 Source: SECUNIA Type: UNKNOWN 27554 Source: SECUNIA Type: UNKNOWN 27697 Source: SECUNIA Type: UNKNOWN 27741 Source: CCN Type: SA28136 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 28136 Source: SECUNIA Type: UNKNOWN 28157 Source: CCN Type: SA28161 Adobe Flash Player Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 28161 Source: SECUNIA Type: UNKNOWN 28213 Source: SECUNIA Type: UNKNOWN 28406 Source: CCN Type: SA28414 R PCRE Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 28414 Source: SECUNIA Type: UNKNOWN 28570 Source: SECUNIA Type: UNKNOWN 28714 Source: SECUNIA Type: UNKNOWN 28720 Source: SECUNIA Type: UNKNOWN 29267 Source: CCN Type: SA29420 Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 29420 Source: SECUNIA Type: UNKNOWN 30106 Source: CCN Type: SA30155 Chicken PCRE Buffer Overflow Vulnerability Source: SECUNIA Type: UNKNOWN 30155 Source: SECUNIA Type: UNKNOWN 30219 Source: SECUNIA Type: UNKNOWN 30507 Source: CCN Type: SA30840 Sun Solaris Adobe Reader Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 30840 Source: GENTOO Type: UNKNOWN GLSA-200711-30 Source: GENTOO Type: UNKNOWN GLSA-200801-02 Source: GENTOO Type: UNKNOWN GLSA-200801-18 Source: GENTOO Type: UNKNOWN GLSA-200801-19 Source: GENTOO Type: UNKNOWN GLSA-200805-11 Source: CCN Type: SECTRACK ID: 1019116 Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code, Scan Ports, and Conduct HTTP Request Splitting and Cross-Site Scripting Attacks Source: SECTRACK Type: UNKNOWN 1019116 Source: SUNALERT Type: UNKNOWN 238305 Source: SUNALERT Type: UNKNOWN 239286 Source: CCN Type: Sun Alert ID: 238305 Multiple Security Vulnerabilities in Flash Player for Solaris Source: CCN Type: Sun Alert ID: 239286 Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code Source: CCN Type: ASA-2008-013 flash-plugin security update (RHSA-2007-1126) Source: CCN Type: ASA-2008-241 Multiple Security Vulnerabilities in Flash Player for Solaris (Sun 238305) Source: CCN Type: ASA-2008-281 Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code (Sun 239286) Source: CCN Type: NORTEL BULLETIN ID: 2008008954, Rev 1 Nortel Response to Sun Alert 238305 - Multiple Security Vulnerabilities in Flash Player for Solaris 10 Source: CCN Type: Adobe Product Security Bulletin APSB07-20 Flash Player update available to address security vulnerabilities Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/security/bulletins/apsb07-20.html Source: CCN Type: Adobe Product Security Bulletin APSB08-13 Security Updates available for Adobe Reader and Acrobat 7 and 8 Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/security/bulletins/apsb08-13.html Source: DEBIAN Type: UNKNOWN DSA-1399 Source: DEBIAN Type: UNKNOWN DSA-1570 Source: DEBIAN Type: DSA-1399 pcre3 -- several vulnerabilities Source: DEBIAN Type: DSA-1570 kazehakase -- various Source: CCN Type: GLSA-200711-30 PCRE: Multiple vulnerabilities Source: CCN Type: GLSA-200801-02 R: Multiple vulnerabilities Source: CCN Type: GLSA-200801-07 Adobe Flash Player: Multiple vulnerabilities Source: GENTOO Type: UNKNOWN GLSA-200801-07 Source: CCN Type: GLSA-200801-18 Kazehakase: Multiple vulnerabilities Source: CCN Type: GLSA-200801-19 GOffice: Multiple vulnerabilities Source: CCN Type: GLSA-200805-11 Chicken: Multiple vulnerabilities Source: MANDRIVA Type: UNKNOWN MDKSA-2007:211 Source: CCN Type: PCRE Web site PCRE - Perl Compatible Regular Expressions Source: REDHAT Type: UNKNOWN RHSA-2007:1126 Source: BUGTRAQ Type: UNKNOWN 20071106 rPSA-2007-0231-1 pcre Source: BUGTRAQ Type: UNKNOWN 20071112 FLEA-2007-0064-1 pcre Source: BID Type: UNKNOWN 26346 Source: CCN Type: BID-26346 PCRE Regular Expression Library Multiple Security Vulnerabilities Source: CCN Type: TLSA-2008-1 Multiple vulnerabilities exist in flash-player Source: CCN Type: USN-547-1 PCRE vulnerabilities Source: CERT Type: US Government Resource TA07-352A Source: CERT Type: US Government Resource TA07-355A Source: VUPEN Type: UNKNOWN ADV-2007-3725 Source: VUPEN Type: UNKNOWN ADV-2007-3790 Source: VUPEN Type: UNKNOWN ADV-2007-4238 Source: VUPEN Type: UNKNOWN ADV-2007-4258 Source: VUPEN Type: UNKNOWN ADV-2008-0924 Source: VUPEN Type: UNKNOWN ADV-2008-1724 Source: VUPEN Type: UNKNOWN ADV-2008-1966 Source: XF Type: UNKNOWN pcre-class-unicode-bo(38278) Source: XF Type: UNKNOWN pcre-class-unicode-bo(38278) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1738 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9701 Source: UBUNTU Type: UNKNOWN USN-547-1 Source: FEDORA Type: UNKNOWN FEDORA-2008-1842 Source: SUSE Type: SUSE-SA:2007:069 flash-player security update | ||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||