FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1659

This CVE name corresponds to:

Entered Topic
2007-11-06 pcre -- arbitrary code execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1659 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-1659
Phase Assigned(20070324)

Description

Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.

References

Source Reference
BUGTRAQ 20071106 rPSA-2007-0231-1 pcre
BUGTRAQ 20071112 FLEA-2007-0064-1 pcre
MLIST [gtk-devel-list] 20071107 GLib 2.14.3
MISC http://bugs.gentoo.org/show_bug.cgi?id=198976
CONFIRM http://www.pcre.org/changelog.txt
CONFIRM https://issues.rpath.com/browse/RPL-1738
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
CONFIRM http://docs.info.apple.com/article.html?artnum=307179
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
APPLE APPLE-SA-2007-12-17
APPLE APPLE-SA-2008-03-18
DEBIAN DSA-1399
DEBIAN DSA-1570
FEDORA FEDORA-2008-1842
GENTOO GLSA-200711-30
GENTOO GLSA-200801-02
GENTOO GLSA-200801-18
GENTOO GLSA-200801-19
GENTOO GLSA-200805-11
MANDRIVA MDKSA-2007:211
MANDRIVA MDKSA-2007:212
MANDRIVA MDVSA-2008:030
REDHAT RHSA-2007:0967
REDHAT RHSA-2007:1068
SUSE SUSE-SA:2007:062
SUSE SUSE-SR:2007:025
SUSE SUSE-SA:2008:004
UBUNTU USN-547-1
CERT TA07-352A
BID 26346
OVAL oval:org.mitre.oval:def:9725
VUPEN ADV-2007-3725
VUPEN ADV-2007-3790
VUPEN ADV-2007-4238
VUPEN ADV-2008-0924
SECTRACK 1018895
SECUNIA 27598
SECUNIA 27538
SECUNIA 27543
SECUNIA 27547
SECUNIA 27554
SECUNIA 27741
SECUNIA 27773
SECUNIA 27697
SECUNIA 28041
SECUNIA 27965
SECUNIA 28136
SECUNIA 28406
SECUNIA 28414
SECUNIA 28658
SECUNIA 28714
SECUNIA 28720
SECUNIA 29267
SECUNIA 29420
SECUNIA 30155
SECUNIA 30219
SECUNIA 30106
XF pcre-regex-code-execution(38272)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.