Lucene search

K
cve[email protected]CVE-2007-1661
HistoryNov 07, 2007 - 11:46 p.m.

CVE-2007-1661

2007-11-0723:46:00
web.nvd.nist.gov
29
cve-2007-1661
pcre library
regular expression
information security
denial of service

9.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.021 Low

EPSS

Percentile

89.1%

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the “\X?\d” and “\P{L}?\d” patterns.

Affected configurations

NVD
Node
pcreperl-compatible_regular_expression_libraryRange7.2
OR
pcreperl-compatible_regular_expression_libraryMatch7.0
OR
pcreperl-compatible_regular_expression_libraryMatch7.1
Node
applemac_os_xMatch10.4.11
OR
applemac_os_x_serverMatch10.4.11

References

9.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.021 Low

EPSS

Percentile

89.1%