CVE - CVE-2007-4768 (under review)

About CVE

Terminology
Documents
FAQs
CVE List

About CVE Identifiers
Obtain a CVE Identifier
Search CVE
Search NVD
CVE In Use

CVE Adoption
CVE-Compatible Products
NVD for CVE Fix Information
More . . .
News & Events

Calendar
Free Newsletter
Community

CVE Editorial Board
Sponsor
Contact Us

Search the Site

CVE List

Data Updates & RSS Feeds
Reference Key/Maps
Data Sources
Versions
Search Tips
Editor's Commentary
Obtain a CVE Identifier
Editorial Policies
About CVE Identifiers

Items of Interest

Terminology
NVD

CVE-ID
CVE-2007-4768 (under review)	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20071106 rPSA-2007-0231-1 pcre URL:http://www.securityfocus.com/archive/1/archive/1/483357/100/0/threaded BUGTRAQ:20071112 FLEA-2007-0064-1 pcre URL:http://www.securityfocus.com/archive/1/archive/1/483579/100/0/threaded MLIST:[gtk-devel-list] 20071107 GLib 2.14.3 URL:http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html MISC:http://bugs.gentoo.org/show_bug.cgi?id=198976 CONFIRM:https://issues.rpath.com/browse/RPL-1738 CONFIRM:http://docs.info.apple.com/article.html?artnum=307179 CONFIRM:http://www.adobe.com/support/security/bulletins/apsb07-20.html CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://www.adobe.com/support/security/bulletins/apsb08-13.html APPLE:APPLE-SA-2007-12-17 URL:http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html DEBIAN:DSA-1399 URL:http://www.debian.org/security/2007/dsa-1399 DEBIAN:DSA-1570 URL:http://www.debian.org/security/2008/dsa-1570 FEDORA:FEDORA-2008-1842 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html GENTOO:GLSA-200711-30 URL:http://security.gentoo.org/glsa/glsa-200711-30.xml GENTOO:GLSA-200801-02 URL:http://security.gentoo.org/glsa/glsa-200801-02.xml GENTOO:GLSA-200801-07 URL:http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml GENTOO:GLSA-200801-18 URL:http://security.gentoo.org/glsa/glsa-200801-18.xml GENTOO:GLSA-200801-19 URL:http://security.gentoo.org/glsa/glsa-200801-19.xml GENTOO:GLSA-200805-11 URL:http://security.gentoo.org/glsa/glsa-200805-11.xml MANDRIVA:MDKSA-2007:211 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 REDHAT:RHSA-2007:1126 URL:http://www.redhat.com/support/errata/RHSA-2007-1126.html SUNALERT:238305 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 SUNALERT:239286 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 SUSE:SUSE-SA:2007:069 URL:http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html UBUNTU:USN-547-1 URL:http://www.ubuntulinux.org/support/documentation/usn/usn-547-1 CERT:TA07-352A URL:http://www.us-cert.gov/cas/techalerts/TA07-352A.html CERT:TA07-355A URL:http://www.us-cert.gov/cas/techalerts/TA07-355A.html BID:26346 URL:http://www.securityfocus.com/bid/26346 OVAL:oval:org.mitre.oval:def:9701 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9701 VUPEN:ADV-2007-3725 URL:http://www.vupen.com/english/advisories/2007/3725 VUPEN:ADV-2007-3790 URL:http://www.vupen.com/english/advisories/2007/3790 VUPEN:ADV-2007-4238 URL:http://www.vupen.com/english/advisories/2007/4238 VUPEN:ADV-2007-4258 URL:http://www.vupen.com/english/advisories/2007/4258 VUPEN:ADV-2008-0924 URL:http://www.vupen.com/english/advisories/2008/0924/references VUPEN:ADV-2008-1724 URL:http://www.vupen.com/english/advisories/2008/1724/references VUPEN:ADV-2008-1966 URL:http://www.vupen.com/english/advisories/2008/1966/references SECTRACK:1019116 URL:http://securitytracker.com/id?1019116 SECUNIA:27538 URL:http://secunia.com/advisories/27538 SECUNIA:27543 URL:http://secunia.com/advisories/27543 SECUNIA:27554 URL:http://secunia.com/advisories/27554 SECUNIA:27741 URL:http://secunia.com/advisories/27741 SECUNIA:27697 URL:http://secunia.com/advisories/27697 SECUNIA:28136 URL:http://secunia.com/advisories/28136 SECUNIA:28157 URL:http://secunia.com/advisories/28157 SECUNIA:28161 URL:http://secunia.com/advisories/28161 SECUNIA:28406 URL:http://secunia.com/advisories/28406 SECUNIA:28414 URL:http://secunia.com/advisories/28414 SECUNIA:28570 URL:http://secunia.com/advisories/28570 SECUNIA:28714 URL:http://secunia.com/advisories/28714 SECUNIA:28720 URL:http://secunia.com/advisories/28720 SECUNIA:28213 URL:http://secunia.com/advisories/28213 SECUNIA:29267 URL:http://secunia.com/advisories/29267 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:30155 URL:http://secunia.com/advisories/30155 SECUNIA:30219 URL:http://secunia.com/advisories/30219 SECUNIA:30507 URL:http://secunia.com/advisories/30507 SECUNIA:30840 URL:http://secunia.com/advisories/30840 SECUNIA:30106 URL:http://secunia.com/advisories/30106 XF:pcre-class-unicode-bo(38278) URL:http://xforce.iss.net/xforce/xfdb/38278
Status
Candidate	This CVE Identifier has "Candidate" status and must be reviewed and accepted by the CVE Editorial Board before it can be updated to official "Entry" status on the CVE List. It may be modified or even rejected in the future.
Phase
Assigned (20070910)
Votes

Comments

Candidate assigned on 20070910 and proposed on N/A
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org