CVE-2006-7230

2007-11-15 20:46:00 2017-10-11 03:31:31

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Pcre Pcre 6.9 (not an official CPE)

Pcre - Pcre

Advisory	Patch	Confirmed	Link
			https://bugzilla.redhat.com/show_bug.cgi?id=384801
			26550
			RHSA-2007:1068
			RHSA-2007:1059
			http://www.pcre.org/changelog.txt
			SUSE-SA:2007:062
			MDVSA-2008:030
			DSA-1570
			http://support.avaya.com/elmodocs2/security/ASA-2007-505...
			GLSA-200805-11
			GLSA-200801-19
			GLSA-200801-18
			GLSA-200801-02
			GLSA-200711-30
			SUSE-SA:2008:004
			http://bugs.gentoo.org/show_bug.cgi?id=198976

CVE-2006-7230

2007-11-15 20:46:00 2017-10-11 03:31:31

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)