6.8

CVE-2007-1660

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PcrePcre Version <= 6.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.08% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/29420
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://secunia.com/advisories/27773
Vendor Advisory
http://secunia.com/advisories/28658
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
http://docs.info.apple.com/article.html?artnum=307179
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://secunia.com/advisories/28136
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/4238
http://secunia.com/advisories/27965
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_25_sr.html
http://lists.vmware.com/pipermail/security-announce/2008/000014.html
http://secunia.com/advisories/29785
Vendor Advisory
http://www.securityfocus.com/archive/1/490917/100/0/threaded
http://www.vupen.com/english/advisories/2008/1234/references
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
http://secunia.com/advisories/27538
Vendor Advisory
http://secunia.com/advisories/27543
Vendor Advisory
http://secunia.com/advisories/27547
Vendor Advisory
http://secunia.com/advisories/27554
Vendor Advisory
http://secunia.com/advisories/27598
Vendor Advisory
http://secunia.com/advisories/27697
Vendor Advisory
http://secunia.com/advisories/27741
Vendor Advisory
http://secunia.com/advisories/28406
Vendor Advisory
http://secunia.com/advisories/28414
Vendor Advisory
http://secunia.com/advisories/28714
Vendor Advisory
http://secunia.com/advisories/28720
Vendor Advisory
http://secunia.com/advisories/30106
http://secunia.com/advisories/30155
http://secunia.com/advisories/30219
http://security.gentoo.org/glsa/glsa-200711-30.xml
http://security.gentoo.org/glsa/glsa-200801-02.xml
http://security.gentoo.org/glsa/glsa-200801-18.xml
http://security.gentoo.org/glsa/glsa-200801-19.xml
http://security.gentoo.org/glsa/glsa-200805-11.xml
http://securitytracker.com/id?1018895
http://www.debian.org/security/2007/dsa-1399
Patch
http://www.debian.org/security/2008/dsa-1570
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
http://www.mandriva.com/security/advisories?name=MDKSA-2007:212
http://www.redhat.com/support/errata/RHSA-2007-0967.html
http://www.securityfocus.com/archive/1/483357/100/0/threaded
http://www.securityfocus.com/archive/1/483579/100/0/threaded
http://www.securityfocus.com/bid/26346
Patch
http://www.vupen.com/english/advisories/2007/3725
http://www.vupen.com/english/advisories/2007/3790
https://issues.rpath.com/browse/RPL-1738
https://usn.ubuntu.com/547-1/
http://secunia.com/advisories/27776
Vendor Advisory
http://secunia.com/advisories/27862
Vendor Advisory
http://secunia.com/advisories/31124
http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:213
http://www.redhat.com/support/errata/RHSA-2007-0968.html
http://www.redhat.com/support/errata/RHSA-2007-1063.html
http://www.redhat.com/support/errata/RHSA-2007-1065.html
http://www.redhat.com/support/errata/RHSA-2008-0546.html
https://bugzilla.redhat.com/show_bug.cgi?id=315881
https://exchange.xforce.ibmcloud.com/vulnerabilities/38273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562