Computer Security


PCRE and Perl regular expression handling: multiple security vulnerabilities
Published: 07.11.2007
Source:
SecurityVulns ID: 8321
Type: library
Threat Level: 7/10
Description: Buffer overflows and memory corruption when handling various regexps.
Affected: PERL : perl 5.8
 PCRE : pcre 7.3
CVE: CVE-2007-5116
 CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.)
 CVE-2007-4767
 CVE-2007-4766
 CVE-2007-1662
 CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.)
 CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.)
 CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.)
Original document: DEBIAN, [SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution (07.11.2007)
 MANDRIVA, [ MDKSA-2007:207 ] - Updated perl packages fix vulnerability (07.11.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod