CVE-2006-7230

Current Description

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.

Basic Data

Published: November 15, 2007
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-189
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Pcre
    Product: Pcre
    Version: *
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including:
    Version End Including: 6.9
    Version Start Excluding:
    Version End Excluding:

Vulnerable Software List

Vendor | Product | Versions
Pcre | Pcre | *

References

Name | URL | Source | Tags
http://bugs.gentoo.org/show_bug.cgi?id=198976 | http://bugs.gentoo.org/show_bug.cgi?id=198976 | MISC |
SUSE-SA:2008:004 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html | SUSE |
27741 | http://secunia.com/advisories/27741 | SECUNIA |
27773 | http://secunia.com/advisories/27773 | SECUNIA |
28041 | http://secunia.com/advisories/28041 | SECUNIA |
28406 | http://secunia.com/advisories/28406 | SECUNIA |
28414 | http://secunia.com/advisories/28414 | SECUNIA |
28658 | http://secunia.com/advisories/28658 | SECUNIA |
28714 | http://secunia.com/advisories/28714 | SECUNIA |
28720 | http://secunia.com/advisories/28720 | SECUNIA |
30106 | http://secunia.com/advisories/30106 | SECUNIA |
30155 | http://secunia.com/advisories/30155 | SECUNIA |
30219 | http://secunia.com/advisories/30219 | SECUNIA |
GLSA-200711-30 | http://security.gentoo.org/glsa/glsa-200711-30.xml | GENTOO |
GLSA-200801-02 | http://security.gentoo.org/glsa/glsa-200801-02.xml | GENTOO |
GLSA-200801-18 | http://security.gentoo.org/glsa/glsa-200801-18.xml | GENTOO |
GLSA-200801-19 | http://security.gentoo.org/glsa/glsa-200801-19.xml | GENTOO |
GLSA-200805-11 | http://security.gentoo.org/glsa/glsa-200805-11.xml | GENTOO |
http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | CONFIRM |
DSA-1570 | http://www.debian.org/security/2008/dsa-1570 | DEBIAN |
MDVSA-2008:030 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 | MANDRIVA |
SUSE-SA:2007:062 | http://www.novell.com/linux/security/advisories/2007_62_pcre.html | SUSE |
http://www.pcre.org/changelog.txt | http://www.pcre.org/changelog.txt | CONFIRM |
RHSA-2007:1059 | http://www.redhat.com/support/errata/RHSA-2007-1059.html | REDHAT |
RHSA-2007:1068 | http://www.redhat.com/support/errata/RHSA-2007-1068.html | REDHAT |
26550 | http://www.securityfocus.com/bid/26550 | BID |
https://bugzilla.redhat.com/show_bug.cgi?id=384801 | https://bugzilla.redhat.com/show_bug.cgi?id=384801 | MISC |
oval:org.mitre.oval:def:10911 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911 | OVAL |