Lucene search

K

[email protected]CVE-2007-1661

HistoryNov 07, 2007 - 11:46 p.m.

CVE-2007-1661

2007-11-0723:46:00

[email protected]

web.nvd.nist.gov

29

cve-2007-1661

pcre library

regular expression

information security

denial of service

9.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.021 Low

EPSS

Percentile

89.1%

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the “\X?\d” and “\P{L}?\d” patterns.

Affected configurations

NVD

Node

pcreperl-compatible_regular_expression_libraryRange≤7.2

OR

pcreperl-compatible_regular_expression_libraryMatch7.0

OR

pcreperl-compatible_regular_expression_libraryMatch7.1

Node

applemac_os_xMatch10.4.11

OR

applemac_os_x_serverMatch10.4.11

CPENameOperatorVersion
pcre:perl-compatible_regular_expression_librarypcre perl-compatible regular expression libraryle7.2
pcre:perl-compatible_regular_expression_librarypcre perl-compatible regular expression libraryeq7.0
pcre:perl-compatible_regular_expression_librarypcre perl-compatible regular expression libraryeq7.1

References

bugs.gentoo.org/show_bug.cgi?id=198976

docs.info.apple.com/article.html?artnum=307179

docs.info.apple.com/article.html?artnum=307562

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html

secunia.com/advisories/27538

secunia.com/advisories/27543

secunia.com/advisories/27554

secunia.com/advisories/27697

secunia.com/advisories/27741

secunia.com/advisories/27773

secunia.com/advisories/28136

secunia.com/advisories/28406

secunia.com/advisories/28414

secunia.com/advisories/28714

secunia.com/advisories/28720

secunia.com/advisories/29267

secunia.com/advisories/29420

secunia.com/advisories/30106

secunia.com/advisories/30155

secunia.com/advisories/30219

security.gentoo.org/glsa/glsa-200711-30.xml

security.gentoo.org/glsa/glsa-200801-02.xml

security.gentoo.org/glsa/glsa-200801-18.xml

security.gentoo.org/glsa/glsa-200801-19.xml

security.gentoo.org/glsa/glsa-200805-11.xml

www.debian.org/security/2007/dsa-1399

www.debian.org/security/2008/dsa-1570

www.mandriva.com/security/advisories?name=MDKSA-2007:211

www.novell.com/linux/security/advisories/2007_62_pcre.html

www.pcre.org/changelog.txt

www.securityfocus.com/archive/1/483357/100/0/threaded

www.securityfocus.com/archive/1/483579/100/0/threaded

www.securityfocus.com/bid/26346

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vupen.com/english/advisories/2007/3725

www.vupen.com/english/advisories/2007/3790

www.vupen.com/english/advisories/2007/4238

www.vupen.com/english/advisories/2008/0924/references

exchange.xforce.ibmcloud.com/vulnerabilities/38274

issues.rpath.com/browse/RPL-1738

usn.ubuntu.com/547-1/

www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html

9.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.021 Low

EPSS

Percentile

89.1%

Related for CVE-2007-1661

ubuntucve1 debiancve1 prion1 cvelist1 nvd1 nessus10 openvas25 securityvulns2 freebsd1 fedora1 ubuntu1 debian2 osv1 suse1 gentoo1