CVE-2006-7230
pcre miscalculation of memory requirements if options are changed during pattern compilation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.0 no calcula adecuadamente la cantidad de memoria necesaria para un patrón de expresión regular compilada cuando las opciones de UTF-8 (1) -x o (2) -i cambian dentro del patrón, lo cual permite a atacantes remotos dependientes del contexto provocar una denegación de servicio (caída de PCRE o de glibc) mediante una expresión regular manipulada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-11-15 CVE Reserved
- 2007-11-15 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (29)
URL | Tag | Source |
---|---|---|
http://bugs.gentoo.org/show_bug.cgi?id=198976 | X_refsource_misc | |
http://secunia.com/advisories/27741 | Third Party Advisory | |
http://secunia.com/advisories/27773 | Third Party Advisory | |
http://secunia.com/advisories/28041 | Third Party Advisory | |
http://secunia.com/advisories/28406 | Third Party Advisory | |
http://secunia.com/advisories/28414 | Third Party Advisory | |
http://secunia.com/advisories/28658 | Third Party Advisory | |
http://secunia.com/advisories/28714 | Third Party Advisory | |
http://secunia.com/advisories/28720 | Third Party Advisory | |
http://secunia.com/advisories/30106 | Third Party Advisory | |
http://secunia.com/advisories/30155 | Third Party Advisory | |
http://secunia.com/advisories/30219 | Third Party Advisory | |
http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm | X_refsource_confirm | |
http://www.pcre.org/changelog.txt | X_refsource_confirm | |
http://www.securityfocus.com/bid/26550 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|