Computer Security

PCRE and perl regular expression handling multiple security vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



PCRE and perl regular expression handling multiple security vulnerabilities
Published:07.11.2007
Source:BUGTRAQ
SecurityVulns ID:8321
Type:library
Level:7/10
Description:Buffer overflows and memory corruptions on different regexps.
Affected:PERL : perl 5.8
 PCRE : pcre 7.3
CVE:CVE-2007-5116
 CVE-2007-4768
 CVE-2007-4767
 CVE-2007-4766
 CVE-2007-1662
 CVE-2007-1661
 CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.)
 CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution (07.11.2007)
 documentMANDRIVA, [ MDKSA-2007:207 ] - Updated perl packages fix vulnerability (07.11.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru