Vulnerability Details : CVE-2007-1660
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2007-1660
- cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1660
4.91%: Probability of exploitation activity in the next 30 days
~93%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1660
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2007-1660
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-1660
- http://www.redhat.com/support/errata/RHSA-2007-0967.html
  Support
- http://www.redhat.com/support/errata/RHSA-2008-0546.html
  Support
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
- http://lists.vmware.com/pipermail/security-announce/2008/000014.html
- https://usn.ubuntu.com/547-1/
- http://www.debian.org/security/2007/dsa-1399
  [SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution
  Patch
- http://www.redhat.com/support/errata/RHSA-2007-1063.html
  Support
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2007/3725
- http://docs.info.apple.com/article.html?artnum=307179
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:212
  Mandriva
- http://www.debian.org/security/2008/dsa-1570
  [SECURITY] [DSA 1570-1] New kazehakase packages fix execution of arbitrary code
- http://www.novell.com/linux/security/advisories/2007_25_sr.html
- http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm
  ASA-2007-488 (RHSA-2007-0968)
- http://www.novell.com/linux/security/advisories/2007_62_pcre.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://security.gentoo.org/glsa/glsa-200801-02.xml
  R: Multiple vulnerabilities (GLSA 200801-02) — Gentoo security
- http://www.vupen.com/english/advisories/2008/1234/references
- http://bugs.gentoo.org/show_bug.cgi?id=198976
  198976 – dev-lang/R < 2.2.1-r1 Multiple issues in embedded PCRE
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://www.redhat.com/support/errata/RHSA-2007-1065.html
  Support
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://securitytracker.com/id?1018895
- http://security.gentoo.org/glsa/glsa-200805-11.xml
  Chicken: Multiple vulnerabilities (GLSA 200805-11) — Gentoo security
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
  GLib 2.14.3
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:213
  Mandriva
- http://security.gentoo.org/glsa/glsa-200801-19.xml
  GOffice: Multiple vulnerabilities (GLSA 200801-19) — Gentoo security
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
  [security-announce] SUSE Security Announcement: php4, php5 (SUSE-SA:2008:004) - openSUSE Security Announce - openSUSE Mailing Lists
- https://bugzilla.redhat.com/show_bug.cgi?id=315881
  315881 – (CVE-2007-1660) CVE-2007-1660 pcre regular expression flaws
- http://docs.info.apple.com/article.html?artnum=307562
- http://www.vupen.com/english/advisories/2007/3790
- http://www.securityfocus.com/bid/26346
  Patch
- http://security.gentoo.org/glsa/glsa-200711-30.xml
  PCRE: Multiple vulnerabilities (GLSA 200711-30) — Gentoo security
- http://www.securityfocus.com/archive/1/490917/100/0/threaded
- https://issues.rpath.com/browse/RPL-1738
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
  Mandriva
- http://www.redhat.com/support/errata/RHSA-2007-0968.html
  Support
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38273
  PCRE unspecified character class denial of service CVE-2007-1660 Vulnerability Report
- http://security.gentoo.org/glsa/glsa-200801-18.xml
  Kazehakase: Multiple vulnerabilities (GLSA 200801-18) — Gentoo security
- http://www.vupen.com/english/advisories/2008/0924/references