CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |

EPSS

Percentile: 89.2%

CentOS Errata and Security Advisory CESA-2007:1052

PCRE is a Perl-compatible regular expression library.

Flaws were found in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2005-4872, CVE-2006-7227)

Users of PCRE are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

Merged security bulletin from advisories:

https://lists.centos.org/pipermail/centos-announce/2007-November/076571.html
https://lists.centos.org/pipermail/centos-announce/2007-November/076572.html
https://lists.centos.org/pipermail/centos-announce/2007-November/076575.html
https://lists.centos.org/pipermail/centos-announce/2007-November/076576.html

Affected packages:

pcre
pcre-devel

Upstream details at:

https://access.redhat.com/errata/RHSA-2007:1052

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | pcre | < 4.5-4.c4.4 | pcre-4.5-4.c4.4.ia64.rpm |
CentOS | 4 | ia64 | pcre-devel | < 4.5-4.c4.4 | pcre-devel-4.5-4.c4.4.ia64.rpm |
CentOS | 4 | s390 | pcre | < 4.5-4.c4.4 | pcre-4.5-4.c4.4.s390.rpm |
CentOS | 4 | s390 | pcre-devel | < 4.5-4.c4.4 | pcre-devel-4.5-4.c4.4.s390.rpm |
CentOS | 4 | s390x | pcre | < 4.5-4.c4.4 | pcre-4.5-4.c4.4.s390x.rpm |
CentOS | 4 | s390x | pcre-devel | < 4.5-4.c4.4 | pcre-devel-4.5-4.c4.4.s390x.rpm |
CentOS | 4 | i386 | pcre | < 4.5-4.el4_5.4 | pcre-4.5-4.el4_5.4.i386.rpm |
CentOS | 4 | x86_64 | pcre | < 4.5-4.el4_5.4 | pcre-4.5-4.el4_5.4.x86_64.rpm |
CentOS | 4 | x86_64 | pcre-devel | < 4.5-4.el4_5.4 | pcre-devel-4.5-4.el4_5.4.x86_64.rpm |