Lucene search

Veracode Vulnerability DatabaseVERACODE:10819

HistoryJan 15, 2019 - 8:52 a.m.

Regular Expression Denial Of Service (ReDoS)

2019-01-1508:52:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

74.4%

JSON

tcl is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists as the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

CPENameOperatorVersion
tcleq8.4.13__4.el5
postgresqleq8.1.4__1.el4s1.1
postgresqleq8.2.4__6.el5s2
postgresqleq8.1.8__1.el5
postgresqleq8.1.9__1.el4s1.1
postgresqleq7.4.19__1.el4_6.1
postgresqleq8.1.8__1.el4s1.1
postgresqleq8.1.9__1.el5
postgresqleq8.1.7__3.el4s1.1
postgresqleq8.1.11__1.el5_1.1

Name	Operator	Version
tcl	eq	8.4.13__4.el5
postgresql	eq	8.1.4__1.el4s1.1
postgresql	eq	8.2.4__6.el5s2
postgresql	eq	8.1.8__1.el5
postgresql	eq	8.1.9__1.el4s1.1
postgresql	eq	7.4.19__1.el4_6.1
postgresql	eq	8.1.8__1.el4s1.1
postgresql	eq	8.1.9__1.el5
postgresql	eq	8.1.7__3.el4s1.1
postgresql	eq	8.1.11__1.el5_1.1

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html

rhn.redhat.com/errata/RHSA-2013-0122.html

secunia.com/advisories/28359

secunia.com/advisories/28376

secunia.com/advisories/28437

secunia.com/advisories/28438

secunia.com/advisories/28454

secunia.com/advisories/28455

secunia.com/advisories/28464

secunia.com/advisories/28477

secunia.com/advisories/28479

secunia.com/advisories/28679

secunia.com/advisories/28698

secunia.com/advisories/29070

secunia.com/advisories/29248

secunia.com/advisories/29638

secunia.com/advisories/30535

security.gentoo.org/glsa/glsa-200801-15.xml

securitytracker.com/id?1019157

sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

www.debian.org/security/2008/dsa-1460

www.debian.org/security/2008/dsa-1463

www.mandriva.com/security/advisories?name=MDVSA-2008:004

www.mandriva.com/security/advisories?name=MDVSA-2008:059

www.postgresql.org/about/news.905

www.redhat.com/support/errata/RHSA-2008-0038.html

www.redhat.com/support/errata/RHSA-2008-0040.html

www.redhat.com/support/errata/RHSA-2008-0134.html

www.securityfocus.com/archive/1/485864/100/0/threaded

www.securityfocus.com/archive/1/486407/100/0/threaded

www.securityfocus.com/archive/1/493080/100/0/threaded

www.securityfocus.com/bid/27163

www.vmware.com/security/advisories/VMSA-2008-0009.html

www.vupen.com/english/advisories/2008/0061

www.vupen.com/english/advisories/2008/0109

www.vupen.com/english/advisories/2008/1071/references

www.vupen.com/english/advisories/2008/1744

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=478961

exchange.xforce.ibmcloud.com/vulnerabilities/39497

issues.rpath.com/browse/RPL-1768

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569

rhn.redhat.com/errata/RHSA-2013-0122.html

usn.ubuntu.com/568-1/

www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for VERACODE:10819