CVE-2006-7228

Current Description

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Basic Data

Published: November 14, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-189
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Pcre | Pcre | * | * | * | * | * | * | * | * | | 6.6 | |

Vulnerable Software List

Vendor | Product | Versions
Pcre | Pcre | *

References

Name | URL | Source | Tags
http://bugs.gentoo.org/show_bug.cgi?id=198976 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | MISC |
SUSE-SA:2008:004 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | SUSE |
[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates | http://lists.vmware.com/pipermail/security-announce/2008/000005.html | MLIST |
[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus | http://lists.vmware.com/pipermail/security-announce/2008/000014.html | MLIST |
http://scary.beasts.org/security/CESA-2007-006.html | http://scary.beasts.org/security/CESA-2007-006.html | MISC |
27582 | http://secunia.com/advisories/27582 | SECUNIA | Patch
27741 | http://secunia.com/advisories/27741 | SECUNIA |
27773 | http://secunia.com/advisories/27773 | SECUNIA |
27776 | http://secunia.com/advisories/27776 | SECUNIA |
28027 | http://secunia.com/advisories/28027 | SECUNIA |
28041 | http://secunia.com/advisories/28041 | SECUNIA |
28050 | http://secunia.com/advisories/28050 | SECUNIA |
28406 | http://secunia.com/advisories/28406 | SECUNIA |
28414 | http://secunia.com/advisories/28414 | SECUNIA |
28658 | http://secunia.com/advisories/28658 | SECUNIA |
28714 | http://secunia.com/advisories/28714 | SECUNIA |
28720 | http://secunia.com/advisories/28720 | SECUNIA |
29032 | http://secunia.com/advisories/29032 | SECUNIA |
29085 | http://secunia.com/advisories/29085 | SECUNIA |
29785 | http://secunia.com/advisories/29785 | SECUNIA |
30106 | http://secunia.com/advisories/30106 | SECUNIA |
30155 | http://secunia.com/advisories/30155 | SECUNIA |
30219 | http://secunia.com/advisories/30219 | SECUNIA |
31124 | http://secunia.com/advisories/31124 | SECUNIA |
GLSA-200711-30 | http://security.gentoo.org/glsa/glsa-200711-30.xml | GENTOO |
GLSA-200801-02 | http://security.gentoo.org/glsa/glsa-200801-02.xml | GENTOO |
GLSA-200801-18 | http://security.gentoo.org/glsa/glsa-200801-18.xml | GENTOO |
GLSA-200801-19 | http://security.gentoo.org/glsa/glsa-200801-19.xml | GENTOO |
GLSA-200802-10 | http://security.gentoo.org/glsa/glsa-200802-10.xml | GENTOO |
GLSA-200805-11 | http://security.gentoo.org/glsa/glsa-200805-11.xml | GENTOO |
http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | CONFIRM |
DSA-1570 | http://www.debian.org/security/2008/dsa-1570 | DEBIAN |
MDVSA-2008:012 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 | MANDRIVA |
MDVSA-2008:030 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | MANDRIVA |
SUSE-SA:2007:062 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | SUSE |
http://www.pcre.org/changelog.txt | http://www.pcre.org/changelog.txt | CONFIRM |
RHSA-2007:1059 | http://www.redhat.com/support/errata/RHSA-2007-1059.html | REDHAT |
RHSA-2007:1063 | http://www.redhat.com/support/errata/RHSA-2007-1063.html | REDHAT |
RHSA-2007:1065 | http://www.redhat.com/support/errata/RHSA-2007-1065.html | REDHAT |
RHSA-2007:1068 | http://www.redhat.com/support/errata/RHSA-2007-1068.html | REDHAT |
RHSA-2007:1076 | http://www.redhat.com/support/errata/RHSA-2007-1076.html | REDHAT |
RHSA-2007:1077 | http://www.redhat.com/support/errata/RHSA-2007-1077.html | REDHAT |
RHSA-2008:0546 | http://www.redhat.com/support/errata/RHSA-2008-0546.html | REDHAT |
20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates | http://www.securityfocus.com/archive/1/488457/100/0/threaded | BUGTRAQ |
20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus | http://www.securityfocus.com/archive/1/490917/100/0/threaded | BUGTRAQ |
26462 | http://www.securityfocus.com/bid/26462 | BID |
ADV-2008-0637 | http://www.vupen.com/english/advisories/2008/0637 | VUPEN |
ADV-2008-1234 | http://www.vupen.com/english/advisories/2008/1234/references | VUPEN |
https://bugzilla.redhat.com/show_bug.cgi?id=383371 | https://bugzilla.redhat.com/show_bug.cgi?id=383371 | MISC |
oval:org.mitre.oval:def:10810 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810 | OVAL |