CVE-2007-1662

Current Description

Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.

Basic Data

PublishedNovember 07, 2007
Last ModifiedOctober 16, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationPcrePcre********7.3

Vulnerable Software List

VendorProductVersions
Pcre Pcre *

References

NameSourceURLTags
http://bugs.gentoo.org/show_bug.cgi?id=198976http://bugs.gentoo.org/show_bug.cgi?id=198976MISC
http://docs.info.apple.com/article.html?artnum=307179http://docs.info.apple.com/article.html?artnum=307179CONFIRM
http://docs.info.apple.com/article.html?artnum=307562http://docs.info.apple.com/article.html?artnum=307562CONFIRM
APPLE-SA-2007-12-17http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlAPPLE
APPLE-SA-2008-03-18http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlAPPLE
[gtk-devel-list] 20071107 GLib 2.14.3http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.htmlMLIST
27538http://secunia.com/advisories/27538SECUNIA
27543http://secunia.com/advisories/27543SECUNIA
27554http://secunia.com/advisories/27554SECUNIA
27697http://secunia.com/advisories/27697SECUNIA
27741http://secunia.com/advisories/27741SECUNIA
28136http://secunia.com/advisories/28136SECUNIA
28406http://secunia.com/advisories/28406SECUNIA
28414http://secunia.com/advisories/28414SECUNIA
28714http://secunia.com/advisories/28714SECUNIA
28720http://secunia.com/advisories/28720SECUNIA
29267http://secunia.com/advisories/29267SECUNIA
29420http://secunia.com/advisories/29420SECUNIA
30106http://secunia.com/advisories/30106SECUNIA
30155http://secunia.com/advisories/30155SECUNIA
30219http://secunia.com/advisories/30219SECUNIA
GLSA-200711-30http://security.gentoo.org/glsa/glsa-200711-30.xmlGENTOO
GLSA-200801-02http://security.gentoo.org/glsa/glsa-200801-02.xmlGENTOO
GLSA-200801-18http://security.gentoo.org/glsa/glsa-200801-18.xmlGENTOO
GLSA-200801-19http://security.gentoo.org/glsa/glsa-200801-19.xmlGENTOO
GLSA-200805-11http://security.gentoo.org/glsa/glsa-200805-11.xmlGENTOO
DSA-1399http://www.debian.org/security/2007/dsa-1399DEBIANPATCH
DSA-1570http://www.debian.org/security/2008/dsa-1570DEBIAN
MDKSA-2007:211http://www.mandriva.com/security/advisories?name=MDKSA-2007:211MANDRIVA
http://www.pcre.org/changelog.txthttp://www.pcre.org/changelog.txtCONFIRM
20071106 rPSA-2007-0231-1 pcrehttp://www.securityfocus.com/archive/1/483357/100/0/threadedBUGTRAQ
20071112 FLEA-2007-0064-1 pcrehttp://www.securityfocus.com/archive/1/483579/100/0/threadedBUGTRAQ
26346http://www.securityfocus.com/bid/26346BID
TA07-352Ahttp://www.us-cert.gov/cas/techalerts/TA07-352A.htmlCERTUS Government Resource
ADV-2007-3725http://www.vupen.com/english/advisories/2007/3725VUPEN
ADV-2007-3790http://www.vupen.com/english/advisories/2007/3790VUPEN
ADV-2007-4238http://www.vupen.com/english/advisories/2007/4238VUPEN
ADV-2008-0924http://www.vupen.com/english/advisories/2008/0924/referencesVUPEN
pcre-unmatched-dos(38275)https://exchange.xforce.ibmcloud.com/vulnerabilities/38275XF
https://issues.rpath.com/browse/RPL-1738https://issues.rpath.com/browse/RPL-1738CONFIRM
USN-547-1https://usn.ubuntu.com/547-1/UBUNTU
FEDORA-2008-1842https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.htmlFEDORA