Lucene search

K

[email protected]CVE-2007-1661

HistoryNov 07, 2007 - 11:46 p.m.

CVE-2007-1661

2007-11-0723:46:00

[email protected]

web.nvd.nist.gov

30

cve-2007-1661

pcre library

regular expression

information security

denial of service

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.2 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the “\X?\d” and “\P{L}?\d” patterns.

Affected configurations

NVD

Node

pcreperl-compatible_regular_expression_libraryRange≤7.2

OR

pcreperl-compatible_regular_expression_libraryMatch7.0

OR

pcreperl-compatible_regular_expression_libraryMatch7.1

Node

applemac_os_xMatch10.4.11

OR

applemac_os_x_serverMatch10.4.11

CPENameOperatorVersion
pcre:perl-compatible_regular_expression_librarypcre perl-compatible regular expression libraryle7.2
pcre:perl-compatible_regular_expression_librarypcre perl-compatible regular expression libraryeq7.0
pcre:perl-compatible_regular_expression_librarypcre perl-compatible regular expression libraryeq7.1

References

bugs.gentoo.org/show_bug.cgi?id=198976

docs.info.apple.com/article.html?artnum=307179

docs.info.apple.com/article.html?artnum=307562

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html

secunia.com/advisories/27538

secunia.com/advisories/27543

secunia.com/advisories/27554

secunia.com/advisories/27697

secunia.com/advisories/27741

secunia.com/advisories/27773

secunia.com/advisories/28136

secunia.com/advisories/28406

secunia.com/advisories/28414

secunia.com/advisories/28714

secunia.com/advisories/28720

secunia.com/advisories/29267

secunia.com/advisories/29420

secunia.com/advisories/30106

secunia.com/advisories/30155

secunia.com/advisories/30219

security.gentoo.org/glsa/glsa-200711-30.xml

security.gentoo.org/glsa/glsa-200801-02.xml

security.gentoo.org/glsa/glsa-200801-18.xml

security.gentoo.org/glsa/glsa-200801-19.xml

security.gentoo.org/glsa/glsa-200805-11.xml

www.debian.org/security/2007/dsa-1399

www.debian.org/security/2008/dsa-1570

www.mandriva.com/security/advisories?name=MDKSA-2007:211

www.novell.com/linux/security/advisories/2007_62_pcre.html

www.pcre.org/changelog.txt

www.securityfocus.com/archive/1/483357/100/0/threaded

www.securityfocus.com/archive/1/483579/100/0/threaded

www.securityfocus.com/bid/26346

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vupen.com/english/advisories/2007/3725

www.vupen.com/english/advisories/2007/3790

www.vupen.com/english/advisories/2007/4238

www.vupen.com/english/advisories/2008/0924/references

exchange.xforce.ibmcloud.com/vulnerabilities/38274

issues.rpath.com/browse/RPL-1738

usn.ubuntu.com/547-1/

www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.2 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

Related for CVE-2007-1661

cvelist1 nvd1 ubuntucve1 debiancve1 prion1 nessus10 openvas25 freebsd1 securityvulns2 ubuntu1 fedora1 debian2 osv1 suse1 gentoo1