Lucene search

[email protected]CVE-2006-7228

HistoryNov 14, 2007 - 9:46 p.m.

CVE-2006-7228

2007-11-1421:46:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2006-7228

pcre library

integer overflow

regular expression

buffer overflow

code execution

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.9

Confidence

High

EPSS

0.021

Percentile

89.2%

JSON

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Affected configurations

NVD

Node

pcrepcreRange≤6.6

VendorProductVersionCPE
pcrepcrecpe:/a:pcre:pcre::::

Vendor	Product	Version	CPE
pcre	pcre		cpe:/a:pcre:pcre::::

References

bugs.gentoo.org/show_bug.cgi?id=198976

lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

lists.vmware.com/pipermail/security-announce/2008/000005.html

lists.vmware.com/pipermail/security-announce/2008/000014.html

scary.beasts.org/security/CESA-2007-006.html

secunia.com/advisories/27582

secunia.com/advisories/27741

secunia.com/advisories/27773

secunia.com/advisories/27776

secunia.com/advisories/28027

secunia.com/advisories/28041

secunia.com/advisories/28050

secunia.com/advisories/28406

secunia.com/advisories/28414

secunia.com/advisories/28658

secunia.com/advisories/28714

secunia.com/advisories/28720

secunia.com/advisories/29032

secunia.com/advisories/29085

secunia.com/advisories/29785

secunia.com/advisories/30106

secunia.com/advisories/30155

secunia.com/advisories/30219

secunia.com/advisories/31124

security.gentoo.org/glsa/glsa-200711-30.xml

security.gentoo.org/glsa/glsa-200801-02.xml

security.gentoo.org/glsa/glsa-200801-18.xml

security.gentoo.org/glsa/glsa-200801-19.xml

security.gentoo.org/glsa/glsa-200802-10.xml

security.gentoo.org/glsa/glsa-200805-11.xml

support.avaya.com/elmodocs2/security/ASA-2007-505.htm

www.debian.org/security/2008/dsa-1570

www.mandriva.com/security/advisories?name=MDVSA-2008:012

www.mandriva.com/security/advisories?name=MDVSA-2008:030

www.novell.com/linux/security/advisories/2007_62_pcre.html

www.pcre.org/changelog.txt

www.redhat.com/support/errata/RHSA-2007-1059.html

www.redhat.com/support/errata/RHSA-2007-1063.html

www.redhat.com/support/errata/RHSA-2007-1065.html

www.redhat.com/support/errata/RHSA-2007-1068.html

www.redhat.com/support/errata/RHSA-2007-1076.html

www.redhat.com/support/errata/RHSA-2007-1077.html

www.redhat.com/support/errata/RHSA-2008-0546.html

www.securityfocus.com/archive/1/488457/100/0/threaded

www.securityfocus.com/archive/1/490917/100/0/threaded

www.securityfocus.com/bid/26462

www.vupen.com/english/advisories/2008/0637

www.vupen.com/english/advisories/2008/1234/references

bugzilla.redhat.com/show_bug.cgi?id=383371

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.9

Confidence

High

EPSS

0.021

Percentile

89.2%

JSON

Related for CVE-2006-7228

cvelist4 ubuntucve3 debiancve3 nvd4 cve3 gentoo2 securityvulns2 openvas52 nessus33 centos7 redhat8 oraclelinux4 vmware4 suse2 debian1