Lucene search

MitreCVE-2007-1659

HistoryNov 07, 2007 - 11:46 p.m.

CVE-2007-1659

2007-11-0723:46:00

CWE-119

mitre

web.nvd.nist.gov

pcre

denial of service

code execution

regex

vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.7

Confidence

High

EPSS

0.041

Percentile

92.2%

JSON

Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched “\Q\E” sequences with orphan “\E” codes.

Affected configurations

Nvd

Node

pcrepcreRange≤7.3

VendorProductVersionCPE
pcrepcrecpe:/a:pcre:pcre::::

Vendor	Product	Version	CPE
pcre	pcre		cpe:/a:pcre:pcre::::

References

bugs.gentoo.org/show_bug.cgi?id=198976

docs.info.apple.com/article.html?artnum=307179

docs.info.apple.com/article.html?artnum=307562

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html

secunia.com/advisories/27538

secunia.com/advisories/27543

secunia.com/advisories/27547

secunia.com/advisories/27554

secunia.com/advisories/27598

secunia.com/advisories/27697

secunia.com/advisories/27741

secunia.com/advisories/27773

secunia.com/advisories/27965

secunia.com/advisories/28041

secunia.com/advisories/28136

secunia.com/advisories/28406

secunia.com/advisories/28414

secunia.com/advisories/28658

secunia.com/advisories/28714

secunia.com/advisories/28720

secunia.com/advisories/29267

secunia.com/advisories/29420

secunia.com/advisories/30106

secunia.com/advisories/30155

secunia.com/advisories/30219

security.gentoo.org/glsa/glsa-200711-30.xml

security.gentoo.org/glsa/glsa-200801-02.xml

security.gentoo.org/glsa/glsa-200801-18.xml

security.gentoo.org/glsa/glsa-200801-19.xml

security.gentoo.org/glsa/glsa-200805-11.xml

securitytracker.com/id?1018895

support.avaya.com/elmodocs2/security/ASA-2007-505.htm

www.debian.org/security/2007/dsa-1399

www.debian.org/security/2008/dsa-1570

www.mandriva.com/security/advisories?name=MDKSA-2007:211

www.mandriva.com/security/advisories?name=MDKSA-2007:212

www.mandriva.com/security/advisories?name=MDVSA-2008:030

www.novell.com/linux/security/advisories/2007_25_sr.html

www.novell.com/linux/security/advisories/2007_62_pcre.html

www.pcre.org/changelog.txt

www.redhat.com/support/errata/RHSA-2007-0967.html

www.redhat.com/support/errata/RHSA-2007-1068.html

www.securityfocus.com/archive/1/483357/100/0/threaded

www.securityfocus.com/archive/1/483579/100/0/threaded

www.securityfocus.com/bid/26346

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vupen.com/english/advisories/2007/3725

www.vupen.com/english/advisories/2007/3790

www.vupen.com/english/advisories/2007/4238

www.vupen.com/english/advisories/2008/0924/references

exchange.xforce.ibmcloud.com/vulnerabilities/38272

issues.rpath.com/browse/RPL-1738

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725

usn.ubuntu.com/547-1/

www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.7

Confidence

High

EPSS

0.041

Percentile

92.2%

JSON

Related for CVE-2007-1659