CVE-2007-1661 Common Vulnerabilities and Exposures

Upstream information

CVE-2007-1661 at MITRE

Description

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	6.4
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entries: 325921 [RESOLVED / FIXED], 649333 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SA:2007:062, published Fri, 23 Nov 2007 14:00:00 +0000

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 02:52:04 2013
CVE page last modified: Fri Dec 8 16:20:23 2023