// For flags

CVE-2007-1659

pcre regular expression flaws

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.

La biblioteca Perl-Compatible Regular Expression (PCRE) anterior a la versión 7.3 permite a los atacantes dependiendo del contexto causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de patrones regex que contienen secuencias incomparables "\Q\E" con códigos huérfanos de "\E".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-03-24 CVE Reserved
  • 2007-11-07 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (60)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=198976 X_refsource_misc
http://docs.info.apple.com/article.html?artnum=307179 X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562 X_refsource_confirm
http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html Mailing List
http://secunia.com/advisories/30106 Third Party Advisory
http://secunia.com/advisories/30219 Third Party Advisory
http://securitytracker.com/id?1018895 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm X_refsource_confirm
http://www.pcre.org/changelog.txt X_refsource_confirm
http://www.securityfocus.com/archive/1/483357/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/483579/100/0/threaded Mailing List
http://www.us-cert.gov/cas/techalerts/TA07-352A.html Third Party Advisory
http://www.vupen.com/english/advisories/2007/3725 Vdb Entry
http://www.vupen.com/english/advisories/2007/3790 Vdb Entry
http://www.vupen.com/english/advisories/2007/4238 Vdb Entry
http://www.vupen.com/english/advisories/2008/0924/references Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38272 Vdb Entry
https://issues.rpath.com/browse/RPL-1738 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725 Signature
URL Date SRC
URL Date SRC
http://www.securityfocus.com/bid/26346 2018-10-16
URL Date SRC
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html 2018-10-16
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html 2018-10-16
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html 2018-10-16
http://secunia.com/advisories/27538 2018-10-16
http://secunia.com/advisories/27543 2018-10-16
http://secunia.com/advisories/27547 2018-10-16
http://secunia.com/advisories/27554 2018-10-16
http://secunia.com/advisories/27598 2018-10-16
http://secunia.com/advisories/27697 2018-10-16
http://secunia.com/advisories/27741 2018-10-16
http://secunia.com/advisories/27773 2018-10-16
http://secunia.com/advisories/27965 2018-10-16
http://secunia.com/advisories/28041 2018-10-16
http://secunia.com/advisories/28136 2018-10-16
http://secunia.com/advisories/28406 2018-10-16
http://secunia.com/advisories/28414 2018-10-16
http://secunia.com/advisories/28658 2018-10-16
http://secunia.com/advisories/28714 2018-10-16
http://secunia.com/advisories/28720 2018-10-16
http://secunia.com/advisories/29267 2018-10-16
http://secunia.com/advisories/29420 2018-10-16
http://secunia.com/advisories/30155 2018-10-16
http://security.gentoo.org/glsa/glsa-200711-30.xml 2018-10-16
http://security.gentoo.org/glsa/glsa-200801-02.xml 2018-10-16
http://security.gentoo.org/glsa/glsa-200801-18.xml 2018-10-16
http://security.gentoo.org/glsa/glsa-200801-19.xml 2018-10-16
http://security.gentoo.org/glsa/glsa-200805-11.xml 2018-10-16
http://www.debian.org/security/2007/dsa-1399 2018-10-16
http://www.debian.org/security/2008/dsa-1570 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:212 2018-10-16
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 2018-10-16
http://www.novell.com/linux/security/advisories/2007_25_sr.html 2018-10-16
http://www.novell.com/linux/security/advisories/2007_62_pcre.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0967.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-1068.html 2018-10-16
https://usn.ubuntu.com/547-1 2018-10-16
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html 2018-10-16
https://access.redhat.com/security/cve/CVE-2007-1659 2007-11-29
https://bugzilla.redhat.com/show_bug.cgi?id=315871 2007-11-29
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Pcre
Search vendor "Pcre"
 Pcre
Search vendor "Pcre" for product "Pcre"
 <= 7.3
Search vendor "Pcre" for product "Pcre" and version " <= 7.3"
-
Affected