CVE-2007-1661

Executive Summary

Informations
Name	CVE-2007-1661	First vendor Publication	2007-11-07
Vendor	Cve	Last vendor Modification	2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Cvss Base Score	6.4	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661

CPE : Common Platform Enumeration

Type	Description	Count
Application	Pcre Pcre cpe:/a:pcre:pcre:7.3	1

Open Source Vulnerability Database (OSVDB)

id	Description
40761	Perl-Compatible Regular Expression (PCRE) Non-UTF-8 Mode Pattern Matching Inf...

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BID	http://www.securityfocus.com/bid/26346
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/483357/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/483579/100/0/threaded
CERT	http://www.us-cert.gov/cas/techalerts/TA07-352A.html
CONFIRM	http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://www.pcre.org/changelog.txt https://issues.rpath.com/browse/RPL-1738
DEBIAN	http://www.debian.org/security/2007/dsa-1399 http://www.debian.org/security/2008/dsa-1570
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
GENTOO	http://security.gentoo.org/glsa/glsa-200711-30.xml http://security.gentoo.org/glsa/glsa-200801-02.xml http://security.gentoo.org/glsa/glsa-200801-18.xml http://security.gentoo.org/glsa/glsa-200801-19.xml http://security.gentoo.org/glsa/glsa-200805-11.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
MISC	http://bugs.gentoo.org/show_bug.cgi?id=198976
MLIST	http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
SECUNIA	http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 http://secunia.com/advisories/27697 http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/28136 http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://secunia.com/advisories/28714 http://secunia.com/advisories/28720 http://secunia.com/advisories/29267 http://secunia.com/advisories/29420 http://secunia.com/advisories/30106 http://secunia.com/advisories/30155 http://secunia.com/advisories/30219
SUSE	http://www.novell.com/linux/security/advisories/2007_62_pcre.html
UBUNTU	http://www.ubuntulinux.org/support/documentation/usn/usn-547-1
VUPEN	http://www.vupen.com/english/advisories/2007/3725 http://www.vupen.com/english/advisories/2007/3790 http://www.vupen.com/english/advisories/2007/4238 http://www.vupen.com/english/advisories/2008/0924/references
XF	http://xforce.iss.net/xforce/xfdb/38274

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 10:21:36	Multiple Updates

Type	Count
CPE ID(s)	1
osvdb(s)	1

Related	Severity
TA07-352A	(Critical)
USN-547-1	(High)
MDKSA-2007:211	(High)
GLSA-200805-11	(High)
GLSA-200801-19	(High)
GLSA-200801-18	(High)
GLSA-200801-02	(High)
GLSA-200711-30	(High)
DSA-1570	(High)
DSA-1399	(High)