Tcl is vulnerable to regular expression denial of service (ReDoS) attacks. The regular expression parser in Tcl before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
rhn.redhat.com/errata/RHSA-2013-0122.html
secunia.com/advisories/28359
secunia.com/advisories/28376
secunia.com/advisories/28437
secunia.com/advisories/28438
secunia.com/advisories/28454
secunia.com/advisories/28455
secunia.com/advisories/28464
secunia.com/advisories/28477
secunia.com/advisories/28479
secunia.com/advisories/28679
secunia.com/advisories/28698
secunia.com/advisories/29070
secunia.com/advisories/29248
secunia.com/advisories/29638
secunia.com/advisories/30535
security.gentoo.org/glsa/glsa-200801-15.xml
securitytracker.com/id?1019157
sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
www.debian.org/security/2008/dsa-1460
www.debian.org/security/2008/dsa-1463
www.mandriva.com/security/advisories?name=MDVSA-2008:004
www.mandriva.com/security/advisories?name=MDVSA-2008:059
www.postgresql.org/about/news.905
www.redhat.com/support/errata/RHSA-2008-0038.html
www.redhat.com/support/errata/RHSA-2008-0040.html
www.redhat.com/support/errata/RHSA-2008-0134.html
www.securityfocus.com/archive/1/485864/100/0/threaded
www.securityfocus.com/archive/1/486407/100/0/threaded
www.securityfocus.com/archive/1/493080/100/0/threaded
www.securityfocus.com/bid/27163
www.vmware.com/security/advisories/VMSA-2008-0009.html
www.vupen.com/english/advisories/2008/0061
www.vupen.com/english/advisories/2008/0109
www.vupen.com/english/advisories/2008/1071/references
www.vupen.com/english/advisories/2008/1744
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=478961
exchange.xforce.ibmcloud.com/vulnerabilities/39497
issues.rpath.com/browse/RPL-1768
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569
usn.ubuntu.com/568-1/
www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html