Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-1661

Disclosure Date: November 07, 2007
CVE-2007-1661
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the “\X?\d” and “\P{L}?\d” patterns.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apple,
  • pcre

Products

  • mac os x 10.4.11,
  • mac os x server 10.4.11,
  • perl-compatible regular expression library,
  • perl-compatible regular expression library 7.0,
  • perl-compatible regular expression library 7.1

References

Canonical
CVE-2007-1661 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661)
BID-26346 (http://www.securityfocus.com/bid/26346)
Advisory
SECUNIA-30219 (http://secunia.com/advisories/30219)
SECUNIA-29267 (http://secunia.com/advisories/29267)
USN-547-1 (https://usn.ubuntu.com/547-1)
GLSA-200711-30 (http://security.gentoo.org/glsa/glsa-200711-30.xml)
ADV-2007-4238 (http://www.vupen.com/english/advisories/2007/4238)
20071106 rPSA-2007-0231-1 pcre (http://www.securityfocus.com/archive/1/483357/100/0/threaded)
TA07-352A (http://www.us-cert.gov/cas/techalerts/TA07-352A.html)
SECUNIA-27538 (http://secunia.com/advisories/27538)
20071112 FLEA-2007-0064-1 pcre (http://www.securityfocus.com/archive/1/483579/100/0/threaded)
SECUNIA-28136 (http://secunia.com/advisories/28136)
DSA-1570 (http://www.debian.org/security/2008/dsa-1570)
https://issues.rpath.com/browse/RPL-1738
SECUNIA-27773 (http://secunia.com/advisories/27773)
SECUNIA-27697 (http://secunia.com/advisories/27697)
SECUNIA-28406 (http://secunia.com/advisories/28406)
SECUNIA-27554 (http://secunia.com/advisories/27554)
ADV-2008-0924 (http://www.vupen.com/english/advisories/2008/0924/references)
XF-pcre-nonutf8-dos(38274) (https://exchange.xforce.ibmcloud.com/vulnerabilities/38274)
SECUNIA-27543 (http://secunia.com/advisories/27543)
[gtk-devel-list] 20071107 GLib 2.14.3 (http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html)
SECUNIA-29420 (http://secunia.com/advisories/29420)
APPLE-SA-2007-12-17 (http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html)
GLSA-200805-11 (http://security.gentoo.org/glsa/glsa-200805-11.xml)
APPLE-SA-2008-03-18 (http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
FEDORA-2008-1842 (https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html)
http://docs.info.apple.com/article.html?artnum=307179
SECUNIA-27741 (http://secunia.com/advisories/27741)
ADV-2007-3790 (http://www.vupen.com/english/advisories/2007/3790)
ADV-2007-3725 (http://www.vupen.com/english/advisories/2007/3725)
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
http://www.pcre.org/changelog.txt
http://docs.info.apple.com/article.html?artnum=307562
SECUNIA-30155 (http://secunia.com/advisories/30155)
SECUNIA-28720 (http://secunia.com/advisories/28720)
GLSA-200801-02 (http://security.gentoo.org/glsa/glsa-200801-02.xml)
GLSA-200801-19 (http://security.gentoo.org/glsa/glsa-200801-19.xml)
GLSA-200801-18 (http://security.gentoo.org/glsa/glsa-200801-18.xml)
DSA-1399 (http://www.debian.org/security/2007/dsa-1399)
SECUNIA-28414 (http://secunia.com/advisories/28414)
SECUNIA-30106 (http://secunia.com/advisories/30106)
SECUNIA-28714 (http://secunia.com/advisories/28714)
Miscellaneous
http://bugs.gentoo.org/show_bug.cgi?id=198976

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis