CVE-2006-7227

Current Description

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Referenced by CVEs: CVE-2006-7228

Basic Data

Published: November 14, 2007
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-189
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Pcre
    Product: Pcre
    Version: *
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including:
    Version End Including: 6.6
    Version Start Excluding:
    Version End Excluding:

Vulnerable Software List

Vendor | Product | Versions
Pcre | Pcre | *

References

Name | URL | Source | Tags
http://bugs.gentoo.org/show_bug.cgi?id=198976 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | MISC |
SUSE-SA:2008:004 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | SUSE |
http://scary.beasts.org/security/CESA-2007-006.html | http://scary.beasts.org/security/CESA-2007-006.html | MISC |
27582 | http://secunia.com/advisories/27582 | SECUNIA | PATCH
27741 | http://secunia.com/advisories/27741 | SECUNIA |
27773 | http://secunia.com/advisories/27773 | SECUNIA |
27869 | http://secunia.com/advisories/27869 | SECUNIA |
28406 | http://secunia.com/advisories/28406 | SECUNIA |
28414 | http://secunia.com/advisories/28414 | SECUNIA |
28658 | http://secunia.com/advisories/28658 | SECUNIA |
28714 | http://secunia.com/advisories/28714 | SECUNIA |
28720 | http://secunia.com/advisories/28720 | SECUNIA |
30106 | http://secunia.com/advisories/30106 | SECUNIA |
30155 | http://secunia.com/advisories/30155 | SECUNIA |
30219 | http://secunia.com/advisories/30219 | SECUNIA |
GLSA-200711-30 | http://security.gentoo.org/glsa/glsa-200711-30.xml | GENTOO |
GLSA-200801-02 | http://security.gentoo.org/glsa/glsa-200801-02.xml | GENTOO |
GLSA-200801-18 | http://security.gentoo.org/glsa/glsa-200801-18.xml | GENTOO |
GLSA-200801-19 | http://security.gentoo.org/glsa/glsa-200801-19.xml | GENTOO |
GLSA-200805-11 | http://security.gentoo.org/glsa/glsa-200805-11.xml | GENTOO |
http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm | http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm | CONFIRM |
DSA-1570 | http://www.debian.org/security/2008/dsa-1570 | DEBIAN |
MDVSA-2008:030 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | MANDRIVA |
SUSE-SA:2007:062 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | SUSE |
http://www.pcre.org/changelog.txt | http://www.pcre.org/changelog.txt | CONFIRM |
RHSA-2007:1052 | http://www.redhat.com/support/errata/RHSA-2007-1052.html | REDHAT | PATCH
26462 | http://www.securityfocus.com/bid/26462 | BID |
oval:org.mitre.oval:def:10408 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408 | OVAL |