6.8

CVE-2007-1660

EPSS 5.63%
Published 07.11.2007 23:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Affected products Warnungen 0 Metrics 2 CWE 1 References 68

Data is provided by the National Vulnerability Database (NVD)

Pcre ≫ Pcre Version <= 6.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.63%	0.893

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://docs.info.apple.com/article.html?artnum=307562

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://www.vupen.com/english/advisories/2008/0924/references

http://secunia.com/advisories/29420

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

http://secunia.com/advisories/27773

Vendor Advisory

http://secunia.com/advisories/28658

Vendor Advisory

http://www.novell.com/linux/security/advisories/2007_62_pcre.html

http://docs.info.apple.com/article.html?artnum=307179

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

http://secunia.com/advisories/28136

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/4238

http://secunia.com/advisories/27965

Vendor Advisory

http://www.novell.com/linux/security/advisories/2007_25_sr.html

http://lists.vmware.com/pipermail/security-announce/2008/000014.html

http://secunia.com/advisories/29785

Vendor Advisory

http://www.securityfocus.com/archive/1/490917/100/0/threaded

http://www.vupen.com/english/advisories/2008/1234/references

http://bugs.gentoo.org/show_bug.cgi?id=198976

http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html

http://secunia.com/advisories/27538

Vendor Advisory

http://secunia.com/advisories/27543

Vendor Advisory

http://secunia.com/advisories/27547

Vendor Advisory

http://secunia.com/advisories/27554

Vendor Advisory

http://secunia.com/advisories/27598

Vendor Advisory

http://secunia.com/advisories/27697

Vendor Advisory

http://secunia.com/advisories/27741

Vendor Advisory

http://secunia.com/advisories/28406

Vendor Advisory

http://secunia.com/advisories/28414

Vendor Advisory

http://secunia.com/advisories/28714

Vendor Advisory

http://secunia.com/advisories/28720

Vendor Advisory

http://secunia.com/advisories/30106

http://secunia.com/advisories/30155

http://secunia.com/advisories/30219

http://security.gentoo.org/glsa/glsa-200711-30.xml

http://security.gentoo.org/glsa/glsa-200801-02.xml

http://security.gentoo.org/glsa/glsa-200801-18.xml

http://security.gentoo.org/glsa/glsa-200801-19.xml

http://security.gentoo.org/glsa/glsa-200805-11.xml

http://securitytracker.com/id?1018895

http://www.debian.org/security/2007/dsa-1399

Patch

http://www.debian.org/security/2008/dsa-1570

http://www.mandriva.com/security/advisories?name=MDKSA-2007:211

http://www.mandriva.com/security/advisories?name=MDKSA-2007:212

http://www.redhat.com/support/errata/RHSA-2007-0967.html

http://www.securityfocus.com/archive/1/483357/100/0/threaded

http://www.securityfocus.com/archive/1/483579/100/0/threaded

http://www.securityfocus.com/bid/26346

Patch

http://www.vupen.com/english/advisories/2007/3725

http://www.vupen.com/english/advisories/2007/3790

https://issues.rpath.com/browse/RPL-1738

https://usn.ubuntu.com/547-1/

http://secunia.com/advisories/27776

Vendor Advisory

http://secunia.com/advisories/27862

Vendor Advisory

http://secunia.com/advisories/31124

http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm

http://www.mandriva.com/security/advisories?name=MDKSA-2007:213

http://www.redhat.com/support/errata/RHSA-2007-0968.html

http://www.redhat.com/support/errata/RHSA-2007-1063.html

http://www.redhat.com/support/errata/RHSA-2007-1065.html

http://www.redhat.com/support/errata/RHSA-2008-0546.html

https://bugzilla.redhat.com/show_bug.cgi?id=315881

https://exchange.xforce.ibmcloud.com/vulnerabilities/38273

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562

https://nvd.nist.gov/vuln/detail/CVE-2007-1660

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1660

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1660

EUVD