Vulnerability Details: CVE-2007-4768
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-4768
- cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4768
- EPSS score: 4.29% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-4768
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2007-4768
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4768
-
http://www.redhat.com/support/errata/RHSA-2007-1126.html
Support
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
-
http://www.securityfocus.com/archive/1/483357/100/0/threaded
-
https://usn.ubuntu.com/547-1/
-
http://www.debian.org/security/2007/dsa-1399
[SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution
-
http://www.vupen.com/english/advisories/2007/4238
-
http://www.vupen.com/english/advisories/2007/3725
-
http://docs.info.apple.com/article.html?artnum=307179
-
http://www.adobe.com/support/security/bulletins/apsb07-20.html
Adobe Security Bulletins and Advisories
-
http://www.debian.org/security/2008/dsa-1570
[SECURITY] [DSA 1570-1] New kazehakase packages fix execution of arbitrary code
-
http://securitytracker.com/id?1019116
-
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
Adobe Flash Player: Multiple vulnerabilities (GLSA 200801-07) — Gentoo security
-
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
-
http://security.gentoo.org/glsa/glsa-200801-02.xml
R: Multiple vulnerabilities (GLSA 200801-02) — Gentoo security
-
http://bugs.gentoo.org/show_bug.cgi?id=198976
198976 – dev-lang/R < 2.2.1-r1 Multiple issues in embedded PCRE
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
-
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
[SECURITY] Fedora 7 Update: pcre-7.3-3.fc7
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/38278
PCRE character class Unicode sequence buffer overflow CVE-2007-4768 Vulnerability Report
-
http://www.securityfocus.com/archive/1/483579/100/0/threaded
-
http://security.gentoo.org/glsa/glsa-200805-11.xml
Chicken: Multiple vulnerabilities (GLSA 200805-11) — Gentoo security
-
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
-
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
-
http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
GLib 2.14.3
-
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
-
http://security.gentoo.org/glsa/glsa-200801-19.xml
GOffice: Multiple vulnerabilities (GLSA 200801-19) — Gentoo security
-
http://docs.info.apple.com/article.html?artnum=307562
-
http://www.vupen.com/english/advisories/2007/3790
-
http://www.vupen.com/english/advisories/2008/1966/references
-
http://www.securityfocus.com/bid/26346
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
-
http://security.gentoo.org/glsa/glsa-200711-30.xml
PCRE: Multiple vulnerabilities (GLSA 200711-30) — Gentoo security
-
https://issues.rpath.com/browse/RPL-1738
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
Mandriva
-
http://www.vupen.com/english/advisories/2008/1724/references
-
http://www.adobe.com/support/security/bulletins/apsb08-13.html
Adobe Security Bulletins and Advisories
-
http://www.vupen.com/english/advisories/2007/4258
-
http://security.gentoo.org/glsa/glsa-200801-18.xml
Kazehakase: Multiple vulnerabilities (GLSA 200801-18) — Gentoo security
-
http://www.vupen.com/english/advisories/2008/0924/references