Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
http://lists.vmware.com/pipermail/security-announce/2008/000014.html
http://scary.beasts.org/security/CESA-2007-006.html
http://secunia.com/advisories/27582
http://secunia.com/advisories/27741
http://secunia.com/advisories/27773
http://secunia.com/advisories/27776
http://secunia.com/advisories/28027
http://secunia.com/advisories/28041
http://secunia.com/advisories/28050
http://secunia.com/advisories/28406
http://secunia.com/advisories/28414
http://secunia.com/advisories/28658
http://secunia.com/advisories/28714
http://secunia.com/advisories/28720
http://secunia.com/advisories/29032
http://secunia.com/advisories/29085
http://secunia.com/advisories/29785
http://secunia.com/advisories/30106
http://secunia.com/advisories/30155
http://secunia.com/advisories/30219
http://secunia.com/advisories/31124
http://security.gentoo.org/glsa/glsa-200711-30.xml
http://security.gentoo.org/glsa/glsa-200801-02.xml
http://security.gentoo.org/glsa/glsa-200801-18.xml
http://security.gentoo.org/glsa/glsa-200801-19.xml
http://security.gentoo.org/glsa/glsa-200802-10.xml
http://security.gentoo.org/glsa/glsa-200805-11.xml
http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
http://www.debian.org/security/2008/dsa-1570
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
http://www.pcre.org/changelog.txt
http://www.redhat.com/support/errata/RHSA-2007-1059.html
http://www.redhat.com/support/errata/RHSA-2007-1063.html
http://www.redhat.com/support/errata/RHSA-2007-1065.html
http://www.redhat.com/support/errata/RHSA-2007-1068.html
http://www.redhat.com/support/errata/RHSA-2007-1076.html
http://www.redhat.com/support/errata/RHSA-2007-1077.html
http://www.redhat.com/support/errata/RHSA-2008-0546.html
http://www.securityfocus.com/archive/1/488457/100/0/threaded
http://www.securityfocus.com/archive/1/490917/100/0/threaded
http://www.securityfocus.com/bid/26462
http://www.vupen.com/english/advisories/2008/0637
http://www.vupen.com/english/advisories/2008/1234/references
https://bugzilla.redhat.com/show_bug.cgi?id=383371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810
OR
cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* versions up to 6.6 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
67614 | Oracle Linux 3 / 4 : python (ELSA-2007-1076) | Nessus | Oracle Linux Local Security Checks | medium |
67613 | Oracle Linux 4 : pcre (ELSA-2007-1068) | Nessus | Oracle Linux Local Security Checks | medium |
67612 | Oracle Linux 3 : pcre (ELSA-2007-1063) | Nessus | Oracle Linux Local Security Checks | medium |
67611 | Oracle Linux 5 : pcre (ELSA-2007-1059) | Nessus | Oracle Linux Local Security Checks | medium |
67061 | CentOS 4 : pcre (CESA-2007:1068) | Nessus | CentOS Local Security Checks | medium |
65042 | Scientific Linux Security Update : pcre on SL4.x, SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
60327 | Scientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
60298 | Scientific Linux Security Update : pcre on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
41187 | SuSE9 Security Update : PHP4 (YOU Patch Number 12049) | Nessus | SuSE Local Security Checks | high |
41173 | SuSE9 Security Update : Python (YOU Patch Number 12013) | Nessus | SuSE Local Security Checks | high |
41170 | SuSE9 Security Update : Apache 2 (YOU Patch Number 12000) | Nessus | SuSE Local Security Checks | medium |
40377 | VMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus | Nessus | VMware ESX Local Security Checks | critical |
40374 | VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates | Nessus | VMware ESX Local Security Checks | high |
36264 | CentOS 3 : pcre (CESA-2007:1063) | Nessus | CentOS Local Security Checks | medium |
33512 | RHEL 2.1 : php (RHSA-2008:0546) | Nessus | Red Hat Local Security Checks | critical |
32144 | Debian DSA-1570-1 : kazehakase - various | Nessus | Debian Local Security Checks | high |
31158 | GLSA-200802-10 : Python: PCRE Integer overflow | Nessus | Gentoo Local Security Checks | medium |
29878 | openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810) | Nessus | SuSE Local Security Checks | high |
29780 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 4808) | Nessus | SuSE Local Security Checks | high |
29302 | RHEL 2.1 : python (RHSA-2007:1077) | Nessus | Red Hat Local Security Checks | medium |
29301 | RHEL 3 / 4 : python (RHSA-2007:1076) | Nessus | Red Hat Local Security Checks | medium |
29255 | CentOS 3 / 4 : python (CESA-2007:1076) | Nessus | CentOS Local Security Checks | medium |
28367 | RHEL 4 : pcre (RHSA-2007:1068) | Nessus | Red Hat Local Security Checks | medium |
28366 | RHEL 2.1 : pcre (RHSA-2007:1065) | Nessus | Red Hat Local Security Checks | medium |
28365 | RHEL 3 : pcre (RHSA-2007:1063) | Nessus | Red Hat Local Security Checks | medium |
28364 | RHEL 5 : pcre (RHSA-2007:1059) | Nessus | Red Hat Local Security Checks | medium |
28319 | GLSA-200711-30 : PCRE: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
27849 | Mandrake Linux Security Advisory : pcre (MDKSA-2007:212) | Nessus | Mandriva Local Security Checks | high |