Lucene search

RedhatCVE-2008-0674

HistoryFeb 18, 2008 - 11:00 p.m.

CVE-2008-0674

2008-02-1823:00:00

CWE-119

redhat

web.nvd.nist.gov

cve

2008-0674

pcre

buffer overflow

remote attackers

arbitrary code

regular expression

character class

unicode code points

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.8

Confidence

High

EPSS

0.655

Percentile

97.9%

JSON

Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.

Affected configurations

Nvd

Node

pcrepcreRange≤7.5

VendorProductVersionCPE
pcrepcrecpe:/a:pcre:pcre::::

Vendor	Product	Version	CPE
pcre	pcre		cpe:/a:pcre:pcre::::

References

ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news

lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html

pcre.org/changelog.txt

secunia.com/advisories/28923

secunia.com/advisories/28957

secunia.com/advisories/28960

secunia.com/advisories/28985

secunia.com/advisories/28996

secunia.com/advisories/29027

secunia.com/advisories/29048

secunia.com/advisories/29175

secunia.com/advisories/29267

secunia.com/advisories/29282

secunia.com/advisories/30048

secunia.com/advisories/30345

secunia.com/advisories/31326

secunia.com/advisories/32222

secunia.com/advisories/32746

secunia.com/advisories/36096

security.gentoo.org/glsa/glsa-200803-24.xml

security.gentoo.org/glsa/glsa-200811-05.xml

support.apple.com/kb/HT3216

support.apple.com/kb/HT3757

wiki.rpath.com/Advisories:rPSA-2008-0086

wiki.rpath.com/wiki/Advisories:rPSA-2008-0086

wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

www.debian.org/security/2008/dsa-1499

www.mandriva.com/security/advisories?name=MDVSA-2008:053

www.openwall.com/lists/oss-security/2008/05/02/2

www.php.net/ChangeLog-5.php

www.securityfocus.com/archive/1/488927/100/0/threaded

www.securityfocus.com/archive/1/492535/100/0/threaded

www.securityfocus.com/bid/27786

www.securityfocus.com/bid/29009

www.securityfocus.com/bid/31681

www.securitytracker.com/id?1022674

www.us-cert.gov/cas/techalerts/TA09-218A.html

www.vupen.com/english/advisories/2008/0570

www.vupen.com/english/advisories/2008/0592

www.vupen.com/english/advisories/2008/1412

www.vupen.com/english/advisories/2008/2268

www.vupen.com/english/advisories/2008/2780

www.vupen.com/english/advisories/2009/2172

bugzilla.redhat.com/show_bug.cgi?id=431660

exchange.xforce.ibmcloud.com/vulnerabilities/40505

issues.rpath.com/browse/RPL-2223

issues.rpath.com/browse/RPL-2503

usn.ubuntu.com/581-1/

www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html

www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.8

Confidence

High

EPSS

0.655

Percentile

97.9%

JSON

Related for CVE-2008-0674