CVE - CVE-2007-1661

CVE-ID
CVE-2007-1661	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2007-12-17 URL:http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BID:26346 URL:http://www.securityfocus.com/bid/26346 BUGTRAQ:20071106 rPSA-2007-0231-1 pcre URL:http://www.securityfocus.com/archive/1/483357/100/0/threaded BUGTRAQ:20071112 FLEA-2007-0064-1 pcre URL:http://www.securityfocus.com/archive/1/483579/100/0/threaded CERT:TA07-352A URL:http://www.us-cert.gov/cas/techalerts/TA07-352A.html CONFIRM:http://docs.info.apple.com/article.html?artnum=307179 CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://www.pcre.org/changelog.txt CONFIRM:https://issues.rpath.com/browse/RPL-1738 DEBIAN:DSA-1399 URL:http://www.debian.org/security/2007/dsa-1399 DEBIAN:DSA-1570 URL:http://www.debian.org/security/2008/dsa-1570 FEDORA:FEDORA-2008-1842 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html GENTOO:GLSA-200711-30 URL:http://security.gentoo.org/glsa/glsa-200711-30.xml GENTOO:GLSA-200801-02 URL:http://security.gentoo.org/glsa/glsa-200801-02.xml GENTOO:GLSA-200801-18 URL:http://security.gentoo.org/glsa/glsa-200801-18.xml GENTOO:GLSA-200801-19 URL:http://security.gentoo.org/glsa/glsa-200801-19.xml GENTOO:GLSA-200805-11 URL:http://security.gentoo.org/glsa/glsa-200805-11.xml MANDRIVA:MDKSA-2007:211 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:211~~ (Obsolete source) MISC:http://bugs.gentoo.org/show_bug.cgi?id=198976 MLIST:[gtk-devel-list] 20071107 GLib 2.14.3 URL:http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html SECUNIA:27538 URL:http://secunia.com/advisories/27538 SECUNIA:27543 URL:http://secunia.com/advisories/27543 SECUNIA:27554 URL:http://secunia.com/advisories/27554 SECUNIA:27697 URL:http://secunia.com/advisories/27697 SECUNIA:27741 URL:http://secunia.com/advisories/27741 SECUNIA:27773 URL:http://secunia.com/advisories/27773 SECUNIA:28136 URL:http://secunia.com/advisories/28136 SECUNIA:28406 URL:http://secunia.com/advisories/28406 SECUNIA:28414 URL:http://secunia.com/advisories/28414 SECUNIA:28714 URL:http://secunia.com/advisories/28714 SECUNIA:28720 URL:http://secunia.com/advisories/28720 SECUNIA:29267 URL:http://secunia.com/advisories/29267 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:30106 URL:http://secunia.com/advisories/30106 SECUNIA:30155 URL:http://secunia.com/advisories/30155 SECUNIA:30219 URL:http://secunia.com/advisories/30219 SUSE:SUSE-SA:2007:062 URL:http://www.novell.com/linux/security/advisories/2007_62_pcre.html UBUNTU:USN-547-1 URL:https://usn.ubuntu.com/547-1/ VUPEN:ADV-2007-3725 URL:~~http://www.vupen.com/english/advisories/2007/3725~~ (Obsolete source) VUPEN:ADV-2007-3790 URL:~~http://www.vupen.com/english/advisories/2007/3790~~ (Obsolete source) VUPEN:ADV-2007-4238 URL:~~http://www.vupen.com/english/advisories/2007/4238~~ (Obsolete source) VUPEN:ADV-2008-0924 URL:~~http://www.vupen.com/english/advisories/2008/0924/references~~ (Obsolete source) XF:pcre-nonutf8-dos(38274) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38274
Assigning CNA
MITRE Corporation
Date Record Created
20070324	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070324)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)