FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1662

This CVE name corresponds to:

Entered Topic
2007-11-06 pcre -- arbitrary code execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-1662
Phase Assigned(20070324)

Description

Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.

References

Source Reference
BUGTRAQ 20071106 rPSA-2007-0231-1 pcre
BUGTRAQ 20071112 FLEA-2007-0064-1 pcre
MLIST [gtk-devel-list] 20071107 GLib 2.14.3
MISC http://bugs.gentoo.org/show_bug.cgi?id=198976
CONFIRM http://www.pcre.org/changelog.txt
CONFIRM https://issues.rpath.com/browse/RPL-1738
CONFIRM http://docs.info.apple.com/article.html?artnum=307179
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
APPLE APPLE-SA-2007-12-17
APPLE APPLE-SA-2008-03-18
DEBIAN DSA-1399
DEBIAN DSA-1570
FEDORA FEDORA-2008-1842
GENTOO GLSA-200711-30
GENTOO GLSA-200801-02
GENTOO GLSA-200801-18
GENTOO GLSA-200801-19
GENTOO GLSA-200805-11
MANDRIVA MDKSA-2007:211
UBUNTU USN-547-1
CERT TA07-352A
BID 26346
VUPEN ADV-2007-3725
VUPEN ADV-2007-3790
VUPEN ADV-2007-4238
VUPEN ADV-2008-0924
SECUNIA 27538
SECUNIA 27543
SECUNIA 27554
SECUNIA 27741
SECUNIA 27697
SECUNIA 28136
SECUNIA 28406
SECUNIA 28414
SECUNIA 28714
SECUNIA 28720
SECUNIA 29267
SECUNIA 29420
SECUNIA 30155
SECUNIA 30219
SECUNIA 30106
XF pcre-unmatched-dos(38275)