CVE-2007-1660

pcre regular expression flaws

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.

*Credits: N/A
CVSS Scores

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Network
Attack Complexity: Medium
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial

* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-03-24 CVE Reserved
  • 2007-11-07 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (66)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=198976 X_refsource_misc
http://docs.info.apple.com/article.html?artnum=307179 X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562 X_refsource_confirm
http://lists.vmware.com/pipermail/security-announce/2008/000014.html Mailing List
http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html Mailing List
http://secunia.com/advisories/30106 Third Party Advisory
http://secunia.com/advisories/30155 Third Party Advisory
http://secunia.com/advisories/30219 Third Party Advisory
http://secunia.com/advisories/31124 Third Party Advisory
http://securitytracker.com/id?1018895 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm X_refsource_confirm
http://www.securityfocus.com/archive/1/483357/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/483579/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/490917/100/0/threaded Mailing List
http://www.us-cert.gov/cas/techalerts/TA07-352A.html Third Party Advisory
http://www.vupen.com/english/advisories/2007/3725 Vdb Entry
http://www.vupen.com/english/advisories/2007/3790 Vdb Entry
http://www.vupen.com/english/advisories/2007/4238 Vdb Entry
http://www.vupen.com/english/advisories/2008/0924/references Vdb Entry
http://www.vupen.com/english/advisories/2008/1234/references Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38273 Vdb Entry
https://issues.rpath.com/browse/RPL-1738 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562 Signature
URL Date SRC
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html 2018-10-16
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html 2018-10-16
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html 2018-10-16
http://secunia.com/advisories/27538 2018-10-16
http://secunia.com/advisories/27543 2018-10-16
http://secunia.com/advisories/27547 2018-10-16
http://secunia.com/advisories/27554 2018-10-16
http://secunia.com/advisories/27598 2018-10-16
http://secunia.com/advisories/27697 2018-10-16
http://secunia.com/advisories/27741 2018-10-16
http://secunia.com/advisories/27773 2018-10-16
http://secunia.com/advisories/27776 2018-10-16
http://secunia.com/advisories/27862 2018-10-16
http://secunia.com/advisories/27965 2018-10-16
http://secunia.com/advisories/28136 2018-10-16
http://secunia.com/advisories/28406 2018-10-16
http://secunia.com/advisories/28414 2018-10-16
http://secunia.com/advisories/28658 2018-10-16
http://secunia.com/advisories/28714 2018-10-16
http://secunia.com/advisories/28720 2018-10-16
http://secunia.com/advisories/29420 2018-10-16
http://secunia.com/advisories/29785 2018-10-16
http://security.gentoo.org/glsa/glsa-200711-30.xml 2018-10-16
http://security.gentoo.org/glsa/glsa-200801-02.xml 2018-10-16
http://security.gentoo.org/glsa/glsa-200801-18.xml 2018-10-16
http://security.gentoo.org/glsa/glsa-200801-19.xml 2018-10-16
http://security.gentoo.org/glsa/glsa-200805-11.xml 2018-10-16
http://www.debian.org/security/2008/dsa-1570 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:212 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:213 2018-10-16
http://www.novell.com/linux/security/advisories/2007_25_sr.html 2018-10-16
http://www.novell.com/linux/security/advisories/2007_62_pcre.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0967.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0968.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-1063.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-1065.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2008-0546.html 2018-10-16
https://bugzilla.redhat.com/show_bug.cgi?id=315881 2008-07-16
https://usn.ubuntu.com/547-1 2018-10-16
https://access.redhat.com/security/cve/CVE-2007-1660 2008-07-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Pcre Pcre <= 6.9 - Affected