6.8

CVE-2007-6067

Exploit
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version7.3
PostgresqlPostgresql Version7.3.1
PostgresqlPostgresql Version7.3.2
PostgresqlPostgresql Version7.3.3
PostgresqlPostgresql Version7.3.4
PostgresqlPostgresql Version7.3.6
PostgresqlPostgresql Version7.3.8
PostgresqlPostgresql Version7.3.9
PostgresqlPostgresql Version7.3.10
PostgresqlPostgresql Version7.3.11
PostgresqlPostgresql Version7.3.12
PostgresqlPostgresql Version7.3.13
PostgresqlPostgresql Version7.3.14
PostgresqlPostgresql Version7.3.15
PostgresqlPostgresql Version7.3.16
PostgresqlPostgresql Version7.3.19
PostgresqlPostgresql Version7.4
PostgresqlPostgresql Version7.4.1
PostgresqlPostgresql Version7.4.2
PostgresqlPostgresql Version7.4.3
PostgresqlPostgresql Version7.4.4
PostgresqlPostgresql Version7.4.5
PostgresqlPostgresql Version7.4.6
PostgresqlPostgresql Version7.4.7
PostgresqlPostgresql Version7.4.8
PostgresqlPostgresql Version7.4.9
PostgresqlPostgresql Version7.4.10
PostgresqlPostgresql Version7.4.11
PostgresqlPostgresql Version7.4.12
PostgresqlPostgresql Version7.4.13
PostgresqlPostgresql Version7.4.14
PostgresqlPostgresql Version7.4.16
PostgresqlPostgresql Version7.4.17
PostgresqlPostgresql Version8.0
PostgresqlPostgresql Version8.0.1
PostgresqlPostgresql Version8.0.2
PostgresqlPostgresql Version8.0.3
PostgresqlPostgresql Version8.0.4
PostgresqlPostgresql Version8.0.5
PostgresqlPostgresql Version8.0.7
PostgresqlPostgresql Version8.0.8
PostgresqlPostgresql Version8.0.9
PostgresqlPostgresql Version8.0.11
PostgresqlPostgresql Version8.0.13
PostgresqlPostgresql Version8.0.317
PostgresqlPostgresql Version8.1.1
PostgresqlPostgresql Version8.1.3
PostgresqlPostgresql Version8.1.4
PostgresqlPostgresql Version8.1.5
PostgresqlPostgresql Version8.1.7
PostgresqlPostgresql Version8.1.8
PostgresqlPostgresql Version8.1.9
PostgresqlPostgresql Version8.2
PostgresqlPostgresql Version8.2.2
PostgresqlPostgresql Version8.2.3
PostgresqlPostgresql Version8.2.4
Tcl TkTcl Tk Version <= 8.4.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.86% 0.888
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8 6.9
AV:N/AC:L/Au:S/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://secunia.com/advisories/28376
http://secunia.com/advisories/28437
http://secunia.com/advisories/28438
http://secunia.com/advisories/28454
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
http://secunia.com/advisories/28679
http://secunia.com/advisories/29638
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/1071/references
https://usn.ubuntu.com/568-1/
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28359
Vendor Advisory
http://secunia.com/advisories/28455
http://secunia.com/advisories/28464
http://secunia.com/advisories/28698
http://securitytracker.com/id?1019157
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
http://www.postgresql.org/about/news.905
http://www.securityfocus.com/archive/1/485864/100/0/threaded
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/bid/27163
Patch
http://www.vupen.com/english/advisories/2008/0061
https://issues.rpath.com/browse/RPL-1768
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
http://rhn.redhat.com/errata/RHSA-2013-0122.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/39498
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235