Lucene search

[email protected]CVE-2007-6067

HistoryJan 09, 2008 - 9:46 p.m.

CVE-2007-6067

2008-01-0921:46:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2007-6067

algorithmic complexity vulnerability

regular expression parser

tcl

postgresql

denial of service

memory consumption

5.8 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted “complex” regular expression with doubly-nested states.

CPENameOperatorVersion
postgresql:postgresqlpostgresqleq7.4.16
postgresql:postgresqlpostgresqleq8.0.7
postgresql:postgresqlpostgresqleq8.0.2
postgresql:postgresqlpostgresqleq8.1.7
postgresql:postgresqlpostgresqleq7.3.3
tcl_tk:tcl_tktcl tkle8.4.16
postgresql:postgresqlpostgresqleq8.2.4
postgresql:postgresqlpostgresqleq7.3
postgresql:postgresqlpostgresqleq8.0.9
postgresql:postgresqlpostgresqleq7.4.1

CPE	Name	Operator	Version
postgresql:postgresql	postgresql	eq	7.4.16
postgresql:postgresql	postgresql	eq	8.0.7
postgresql:postgresql	postgresql	eq	8.0.2
postgresql:postgresql	postgresql	eq	8.1.7
postgresql:postgresql	postgresql	eq	7.3.3
tcl_tk:tcl_tk	tcl tk	le	8.4.16
postgresql:postgresql	postgresql	eq	8.2.4
postgresql:postgresql	postgresql	eq	7.3
postgresql:postgresql	postgresql	eq	8.0.9
postgresql:postgresql	postgresql	eq	7.4.1

Rows per page:

1-10 of 571

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

rhn.redhat.com/errata/RHSA-2013-0122.html

secunia.com/advisories/28359

secunia.com/advisories/28376

secunia.com/advisories/28437

secunia.com/advisories/28438

secunia.com/advisories/28454

secunia.com/advisories/28455

secunia.com/advisories/28464

secunia.com/advisories/28477

secunia.com/advisories/28479

secunia.com/advisories/28679

secunia.com/advisories/28698

secunia.com/advisories/29638

security.gentoo.org/glsa/glsa-200801-15.xml

securitytracker.com/id?1019157

sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

www.debian.org/security/2008/dsa-1460

www.debian.org/security/2008/dsa-1463

www.mandriva.com/security/advisories?name=MDVSA-2008:004

www.postgresql.org/about/news.905

www.redhat.com/support/errata/RHSA-2008-0038.html

www.redhat.com/support/errata/RHSA-2008-0040.html

www.securityfocus.com/archive/1/485864/100/0/threaded

www.securityfocus.com/archive/1/486407/100/0/threaded

www.securityfocus.com/bid/27163

www.vupen.com/english/advisories/2008/0061

www.vupen.com/english/advisories/2008/0109

www.vupen.com/english/advisories/2008/1071/references

exchange.xforce.ibmcloud.com/vulnerabilities/39498

issues.rpath.com/browse/RPL-1768

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235

usn.ubuntu.com/568-1/

www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

5.8 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2007-6067

prion1 ubuntucve1 nessus20 oraclelinux2 centos2 openvas35 redhat3 veracode1 fedora2 securityvulns2 suse1 freebsd1 osv2 debian2 gentoo1 ubuntu1