CVE-2007-4768: pcre before 7.3 incorrect unicode in char class optimization

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

Heap-based buffer overflow in the Perl-Compatible Regular Expression (PCRE) library before 7.3 allows local or remote attackers (depending on the context) to execute arbitrary code of their choice via a singleton Unicode character sequence in a character class of a regular expression pattern, which is incorrectly optimized.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-09-10 CVE Reserved
  • 2007-11-06 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Pcre | Pcre | <= 6.0 | - | Affected
Pcre | Pcre | <= 6.1 | - | Affected
Pcre | Pcre | <= 7.3 | - | Affected