CVE-2007-1661

Severity

64%

Complexity

99%

Confidentiality

81%

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P).

Overview

First reported 17 years ago

2007-11-07 23:46:00

Last updated 6 years ago

2018-10-16 16:39:00

Affected Software

pcre Perl-Compatible Regular Expression Library 7.0

7.0

pcre Perl-Compatible Regular Expression Library 7.1

7.1

Apple Mac OS X 10.4.11

10.4.11

Apple Mac OS X Server 10.4.11

10.4.11

References

http://bugs.gentoo.org/show_bug.cgi?id=198976

http://docs.info.apple.com/article.html?artnum=307179

http://docs.info.apple.com/article.html?artnum=307562

APPLE-SA-2007-12-17

APPLE-SA-2008-03-18

[gtk-devel-list] 20071107 GLib 2.14.3

27538

Vendor Advisory

27543

Vendor Advisory

27554

Vendor Advisory

27697

Vendor Advisory

27741

Vendor Advisory

27773

Vendor Advisory

28136

Vendor Advisory

28406

Vendor Advisory

28414

Vendor Advisory

28714

Vendor Advisory

28720

Vendor Advisory

29267

Vendor Advisory

29420

Vendor Advisory

30106

Vendor Advisory

30155

Vendor Advisory

30219

Vendor Advisory

GLSA-200711-30

GLSA-200801-02

GLSA-200801-18

GLSA-200801-19

GLSA-200805-11

DSA-1399

Patch

DSA-1570

MDKSA-2007:211

SUSE-SA:2007:062

http://www.pcre.org/changelog.txt

20071106 rPSA-2007-0231-1 pcre

20071112 FLEA-2007-0064-1 pcre

26346

TA07-352A

US Government Resource

ADV-2007-3725

ADV-2007-3790

ADV-2007-4238

ADV-2008-0924

pcre-nonutf8-dos(38274)

https://issues.rpath.com/browse/RPL-1738

USN-547-1

FEDORA-2008-1842

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.