Lucene search

[email protected]NVD:CVE-2007-6067

HistoryJan 09, 2008 - 9:46 p.m.

CVE-2007-6067

2008-01-0921:46:00

CWE-189

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

5.8 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.7%

JSON

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted “complex” regular expression with doubly-nested states.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch7.3

postgresqlpostgresqlMatch7.3.1

postgresqlpostgresqlMatch7.3.2

postgresqlpostgresqlMatch7.3.3

postgresqlpostgresqlMatch7.3.4

postgresqlpostgresqlMatch7.3.6

postgresqlpostgresqlMatch7.3.8

postgresqlpostgresqlMatch7.3.9

postgresqlpostgresqlMatch7.3.10

postgresqlpostgresqlMatch7.3.11

postgresqlpostgresqlMatch7.3.12

postgresqlpostgresqlMatch7.3.13

postgresqlpostgresqlMatch7.3.14

postgresqlpostgresqlMatch7.3.15

postgresqlpostgresqlMatch7.3.16

postgresqlpostgresqlMatch7.3.19

postgresqlpostgresqlMatch7.4

postgresqlpostgresqlMatch7.4.1

postgresqlpostgresqlMatch7.4.2

postgresqlpostgresqlMatch7.4.3

postgresqlpostgresqlMatch7.4.4

postgresqlpostgresqlMatch7.4.5

postgresqlpostgresqlMatch7.4.6

postgresqlpostgresqlMatch7.4.7

postgresqlpostgresqlMatch7.4.8

postgresqlpostgresqlMatch7.4.9

postgresqlpostgresqlMatch7.4.10

postgresqlpostgresqlMatch7.4.11

postgresqlpostgresqlMatch7.4.12

postgresqlpostgresqlMatch7.4.13

postgresqlpostgresqlMatch7.4.14

postgresqlpostgresqlMatch7.4.16

postgresqlpostgresqlMatch7.4.17

postgresqlpostgresqlMatch8.0

postgresqlpostgresqlMatch8.0.1

postgresqlpostgresqlMatch8.0.2

postgresqlpostgresqlMatch8.0.3

postgresqlpostgresqlMatch8.0.4

postgresqlpostgresqlMatch8.0.5

postgresqlpostgresqlMatch8.0.7

postgresqlpostgresqlMatch8.0.8

postgresqlpostgresqlMatch8.0.9

postgresqlpostgresqlMatch8.0.11

postgresqlpostgresqlMatch8.0.13

postgresqlpostgresqlMatch8.0.317

postgresqlpostgresqlMatch8.1.1

postgresqlpostgresqlMatch8.1.3

postgresqlpostgresqlMatch8.1.4

postgresqlpostgresqlMatch8.1.5

postgresqlpostgresqlMatch8.1.7

postgresqlpostgresqlMatch8.1.8

postgresqlpostgresqlMatch8.1.9

postgresqlpostgresqlMatch8.2

postgresqlpostgresqlMatch8.2.2

postgresqlpostgresqlMatch8.2.3

postgresqlpostgresqlMatch8.2.4

tcl_tktcl_tkRange≤8.4.16

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

rhn.redhat.com/errata/RHSA-2013-0122.html

secunia.com/advisories/28359

secunia.com/advisories/28376

secunia.com/advisories/28437

secunia.com/advisories/28438

secunia.com/advisories/28454

secunia.com/advisories/28455

secunia.com/advisories/28464

secunia.com/advisories/28477

secunia.com/advisories/28479

secunia.com/advisories/28679

secunia.com/advisories/28698

secunia.com/advisories/29638

security.gentoo.org/glsa/glsa-200801-15.xml

securitytracker.com/id?1019157

sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

www.debian.org/security/2008/dsa-1460

www.debian.org/security/2008/dsa-1463

www.mandriva.com/security/advisories?name=MDVSA-2008:004

www.postgresql.org/about/news.905

www.redhat.com/support/errata/RHSA-2008-0038.html

www.redhat.com/support/errata/RHSA-2008-0040.html

www.securityfocus.com/archive/1/485864/100/0/threaded

www.securityfocus.com/archive/1/486407/100/0/threaded

www.securityfocus.com/bid/27163

www.vupen.com/english/advisories/2008/0061

www.vupen.com/english/advisories/2008/0109

www.vupen.com/english/advisories/2008/1071/references

exchange.xforce.ibmcloud.com/vulnerabilities/39498

issues.rpath.com/browse/RPL-1768

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235

usn.ubuntu.com/568-1/

www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

5.8 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.7%

JSON

Related for NVD:CVE-2007-6067

cvelist1 cve1 ubuntucve1 prion1 nessus21 oraclelinux2 centos2 openvas35 redhat3 veracode1 fedora2 freebsd1 suse1 securityvulns2 gentoo1 debian2 osv2 ubuntu1