Executive Summary

Informations
Name CVE-2008-0674 First vendor Publication 2008-02-18
Vendor Cve Last vendor Modification 2018-10-15

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16801
 
Oval ID: oval:org.mitre.oval:def:16801
Title: USN-581-1 -- pcre3 vulnerability
Description: It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences.
Family: unix Class: patch
Reference(s): USN-581-1
CVE-2008-0674
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
Product(s): pcre3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18757
 
Oval ID: oval:org.mitre.oval:def:18757
Title: DSA-1499-1 pcre3 - arbitrary code execution
Description: It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (<a href="http://security-tracker.debian.org/tracker/CVE-2008-0674">CVE-2008-0674</a>).
Family: unix Class: patch
Reference(s): DSA-1499-1
CVE-2008-0674
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): pcre3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7886
 
Oval ID: oval:org.mitre.oval:def:7886
Title: DSA-1499 pcre3 -- buffer overflow
Description: It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674).
Family: unix Class: patch
Reference(s): DSA-1499
CVE-2008-0674
Version: 3
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 3.1
Product(s): pcre3
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

OpenVAS Exploits

Date Description
2012-06-21 Name : PHP version smaller than 5.2.6
File : nvt/nopsec_php_5_2_6.nasl
2010-05-12 Name : Mac OS X Security Update 2008-005
File : nvt/macosx_secupd_2008-005.nasl
2010-05-12 Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2010-05-12 Name : Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003
File : nvt/macosx_upd_10_5_8_secupd_2009-003.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-04-09 Name : Mandriva Update for pcre MDVSA-2008:053 (pcre)
File : nvt/gb_mandriva_MDVSA_2008_053.nasl
2009-03-23 Name : Ubuntu Update for pcre3 vulnerability USN-581-1
File : nvt/gb_ubuntu_USN_581_1.nasl
2009-02-17 Name : Fedora Update for pcre FEDORA-2008-6111
File : nvt/gb_fedora_2008_6111_pcre_fc8.nasl
2009-02-16 Name : Fedora Update for glib2 FEDORA-2008-1533
File : nvt/gb_fedora_2008_1533_glib2_fc8.nasl
2009-02-16 Name : Fedora Update for pcre FEDORA-2008-1783
File : nvt/gb_fedora_2008_1783_pcre_fc8.nasl
2009-02-16 Name : Fedora Update for pcre FEDORA-2008-1842
File : nvt/gb_fedora_2008_1842_pcre_fc7.nasl
2008-11-19 Name : Gentoo Security Advisory GLSA 200811-05 (php)
File : nvt/glsa_200811_05.nasl
2008-10-07 Name : Multiple Vulnerabilities in PHP August-08
File : nvt/gb_php_mult_vuln_aug08.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200803-24 (libpcre glib)
File : nvt/glsa_200803_24.nasl
2008-09-04 Name : FreeBSD Ports: pcre
File : nvt/freebsd_pcre1.nasl
2008-02-28 Name : Debian Security Advisory DSA 1499-1 (pcre3)
File : nvt/deb_1499_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
41989 Perl-Compatible Regular Expression (PCRE) Character Class Handling Remote DoS

Nessus® Vulnerability Scanner

Date Description
2009-08-05 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_8.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-053.nasl - Type : ACT_GATHER_INFO
2008-11-17 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200811-05.nasl - Type : ACT_GATHER_INFO
2008-10-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO
2008-08-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6111.nasl - Type : ACT_GATHER_INFO
2008-05-02 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_6.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200803-24.nasl - Type : ACT_GATHER_INFO
2008-03-07 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1842.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_f9e96930e6df11dc8c6a00304881ac9a.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1499.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-581-1.nasl - Type : ACT_GATHER_INFO
2008-02-20 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1783.nasl - Type : ACT_GATHER_INFO
2008-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1533.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
BID http://www.securityfocus.com/bid/27786
http://www.securityfocus.com/bid/29009
http://www.securityfocus.com/bid/31681
BUGTRAQ http://www.securityfocus.com/archive/1/488927/100/0/threaded
http://www.securityfocus.com/archive/1/492535/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA09-218A.html
CONFIRM http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news
http://pcre.org/changelog.txt
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3757
http://wiki.rpath.com/Advisories:rPSA-2008-0086
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
http://www.php.net/ChangeLog-5.php
https://bugzilla.redhat.com/show_bug.cgi?id=431660
https://issues.rpath.com/browse/RPL-2223
https://issues.rpath.com/browse/RPL-2503
DEBIAN http://www.debian.org/security/2008/dsa-1499
FEDORA https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0037...
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0063...
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
GENTOO http://security.gentoo.org/glsa/glsa-200803-24.xml
http://security.gentoo.org/glsa/glsa-200811-05.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:053
MLIST http://www.openwall.com/lists/oss-security/2008/05/02/2
SECTRACK http://www.securitytracker.com/id?1022674
SECUNIA http://secunia.com/advisories/28923
http://secunia.com/advisories/28957
http://secunia.com/advisories/28960
http://secunia.com/advisories/28985
http://secunia.com/advisories/28996
http://secunia.com/advisories/29027
http://secunia.com/advisories/29048
http://secunia.com/advisories/29175
http://secunia.com/advisories/29267
http://secunia.com/advisories/29282
http://secunia.com/advisories/30048
http://secunia.com/advisories/30345
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://secunia.com/advisories/32746
http://secunia.com/advisories/36096
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
UBUNTU https://usn.ubuntu.com/581-1/
VUPEN http://www.vupen.com/english/advisories/2008/0570
http://www.vupen.com/english/advisories/2008/0592
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/2172
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/40505

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2021-05-05 01:04:29
  • Multiple Updates
2021-05-04 12:07:05
  • Multiple Updates
2021-04-22 01:07:32
  • Multiple Updates
2020-05-23 01:39:05
  • Multiple Updates
2020-05-23 00:21:14
  • Multiple Updates
2018-10-16 05:18:09
  • Multiple Updates
2018-10-04 00:19:31
  • Multiple Updates
2017-08-08 09:23:51
  • Multiple Updates
2016-04-26 17:06:18
  • Multiple Updates
2014-02-17 10:43:44
  • Multiple Updates
2013-05-11 00:08:56
  • Multiple Updates