CVE-2007-4772

Severity

40%

Complexity

80%

Confidentiality

48%

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

First reported 17 years ago

2008-01-09 21:46:00

Last updated 5 years ago

2019-10-09 22:53:00

Affected Software

PostgreSQL

Debian Debian Linux 3.1

3.1

Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)

6.06

Canonical Ubuntu Linux 6.10

6.10

Canonical Ubuntu Linux 7.04

7.04

Canonical Ubuntu Linux 7.10

7.10

References

SSRT080006

Broken Link

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Third Party Advisory

SUSE-SA:2008:005

Mailing List, Third Party Advisory

openSUSE-SU-2016:0531

Mailing List, Third Party Advisory

SUSE-SU-2016:0539

Mailing List, Third Party Advisory

SUSE-SU-2016:0555

Third Party Advisory

openSUSE-SU-2016:0578

Mailing List, Third Party Advisory

SUSE-SU-2016:0677

Mailing List, Third Party Advisory

RHSA-2013:0122

Third Party Advisory

28359

Third Party Advisory

28376

Third Party Advisory

28437

Third Party Advisory

28438

Third Party Advisory

28454

Third Party Advisory

28455

Third Party Advisory

28464

Third Party Advisory

28477

Third Party Advisory

28479

Third Party Advisory

28679

Third Party Advisory

28698

Third Party Advisory

29070

Third Party Advisory

29248

Third Party Advisory

29638

Third Party Advisory

30535

Third Party Advisory

GLSA-200801-15

Third Party Advisory

1019157

Third Party Advisory, VDB Entry

http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

Third Party Advisory

http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

Exploit, Third Party Advisory

103197

Broken Link

200559

Broken Link

DSA-1460

Third Party Advisory

DSA-1463

Third Party Advisory

MDVSA-2008:004

Third Party Advisory

MDVSA-2008:059

Third Party Advisory

http://www.postgresql.org/about/news.905

Vendor Advisory

RHSA-2008:0038

Third Party Advisory

RHSA-2008:0040

Third Party Advisory

RHSA-2008:0134

Third Party Advisory

20080107 PostgreSQL 2007-01-07 Cumulative Security Release

Third Party Advisory, VDB Entry

20080115 rPSA-2008-0016-1 postgresql postgresql-server

Third Party Advisory, VDB Entry

20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

Third Party Advisory, VDB Entry

27163

Patch, Third Party Advisory, VDB Entry

http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Third Party Advisory

ADV-2008-0061

Third Party Advisory

ADV-2008-0109

Third Party Advisory

ADV-2008-1071

Third Party Advisory

ADV-2008-1744

Broken Link

postgresql-regular-expression-dos(39497)

Third Party Advisory, VDB Entry

https://issues.rpath.com/browse/RPL-1768

Broken Link

oval:org.mitre.oval:def:11569

Third Party Advisory

USN-568-1

Third Party Advisory

FEDORA-2008-0478

Third Party Advisory

FEDORA-2008-0552

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.