CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4766
https://notcve.org/view.php?id=CVE-2007-4766
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. Múltiples desbordamientos de entero en la librería Perl-Compatible Regular Expression (PCRE) naterior a 7.3 permiten a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída) o ejecutar código de su elección mediante secuencias de escape (backslash) no especificadas. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 h • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 4%CPEs: 1EXPL: 0CVE-2007-1659 – pcre regular expression flaws
https://notcve.org/view.php?id=CVE-2007-1659
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes. La biblioteca Perl-Compatible Regular Expression (PCRE) anterior a la versión 7.3 permite a los atacantes dependiendo del contexto causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de patrones regex que contienen secuencias incomparables "\Q\E" con códigos huérfanos de "\E". • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html http://secunia.com/advisories/27538 http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 4%CPEs: 3EXPL: 0CVE-2007-4767
https://notcve.org/view.php?id=CVE-2007-4767
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.3 no computa adecuadamente la longitud de (1) una secuencia \p, (2) una secuencia \P, o (3) una secuencia \P{x}, lo cual permite a atacantes dependientes de contexto provocar una denegación de servicio (bucle infinito o caída) o ejecutar código de su elección. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 h •
CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 0CVE-2007-1662
https://notcve.org/view.php?id=CVE-2007-1662
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.3 lee más allá del final de una cadena cuando busca corchetes no coincidentes y paréntesis, lo cual permite a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída), posiblemente involucrando referencias hacia delante. • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 h •
CVSS: 6.4EPSS: 4%CPEs: 5EXPL: 0CVE-2007-1661
https://notcve.org/view.php?id=CVE-2007-1661
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.3 vuelve demasiado atrás cuando compara determinados bytes de entrada con algunos patrones de expresiones regulares en modo no-UTF-8, lo cual permite a atacantes locales o remotos (dependiendo del contexto) obtener información sensible o provocar una denegación de servicio (caída), como se ha demostrado mediante los patrones "\X?\d" y "\P{L}? • http://bugs.gentoo.org/show_bug.cgi?id=198976 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 h •