Lucene search

[email protected]CVE-2008-0674

HistoryFeb 18, 2008 - 11:00 p.m.

CVE-2008-0674

2008-02-1823:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

2008-0674

pcre

buffer overflow

remote attackers

arbitrary code

regular expression

character class

unicode code points

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.533 Medium

EPSS

Percentile

97.6%

JSON

Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.

CPENameOperatorVersion
pcre:pcrepcrele7.5

CPE	Name	Operator	Version
pcre:pcre	pcre	le	7.5

References

ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news

lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html

pcre.org/changelog.txt

secunia.com/advisories/28923

secunia.com/advisories/28957

secunia.com/advisories/28960

secunia.com/advisories/28985

secunia.com/advisories/28996

secunia.com/advisories/29027

secunia.com/advisories/29048

secunia.com/advisories/29175

secunia.com/advisories/29267

secunia.com/advisories/29282

secunia.com/advisories/30048

secunia.com/advisories/30345

secunia.com/advisories/31326

secunia.com/advisories/32222

secunia.com/advisories/32746

secunia.com/advisories/36096

security.gentoo.org/glsa/glsa-200803-24.xml

security.gentoo.org/glsa/glsa-200811-05.xml

support.apple.com/kb/HT3216

support.apple.com/kb/HT3757

wiki.rpath.com/Advisories:rPSA-2008-0086

wiki.rpath.com/wiki/Advisories:rPSA-2008-0086

wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

www.debian.org/security/2008/dsa-1499

www.mandriva.com/security/advisories?name=MDVSA-2008:053

www.openwall.com/lists/oss-security/2008/05/02/2

www.php.net/ChangeLog-5.php

www.securityfocus.com/archive/1/488927/100/0/threaded

www.securityfocus.com/archive/1/492535/100/0/threaded

www.securityfocus.com/bid/27786

www.securityfocus.com/bid/29009

www.securityfocus.com/bid/31681

www.securitytracker.com/id?1022674

www.us-cert.gov/cas/techalerts/TA09-218A.html

www.vupen.com/english/advisories/2008/0570

www.vupen.com/english/advisories/2008/0592

www.vupen.com/english/advisories/2008/1412

www.vupen.com/english/advisories/2008/2268

www.vupen.com/english/advisories/2008/2780

www.vupen.com/english/advisories/2009/2172

bugzilla.redhat.com/show_bug.cgi?id=431660

exchange.xforce.ibmcloud.com/vulnerabilities/40505

issues.rpath.com/browse/RPL-2223

issues.rpath.com/browse/RPL-2503

usn.ubuntu.com/581-1/

www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html

www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.533 Medium

EPSS

Percentile

97.6%

JSON

Related for CVE-2008-0674

nessus14 openvas27 osv1 seebug2 debian1 ubuntu1 freebsd1 prion1 ubuntucve1 fedora3 securityvulns4 gentoo2 debiancve1