CVE-2007-6067

postgresql: temporary DoS caused by slow regex NFA cleanup

  • Severity Score (CVSS v2): 6.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 1
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network; Attack Complexity: Low; Authentication: Single; Confidentiality: None; Integrity: None; Availability: Complete
  • Attack Vector: Local; Attack Complexity: Medium; Authentication: Single; Confidentiality: None; Integrity: None; Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-11-21 CVE Reserved
  • 2008-01-09 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-10-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
CAPEC
References (42)
URL Tag Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 X_refsource_confirm
http://secunia.com/advisories/28376 Third Party Advisory
http://secunia.com/advisories/28437 Third Party Advisory
http://secunia.com/advisories/28438 Third Party Advisory
http://secunia.com/advisories/28454 Third Party Advisory
http://secunia.com/advisories/28455 Third Party Advisory
http://secunia.com/advisories/28464 Third Party Advisory
http://secunia.com/advisories/28477 Third Party Advisory
http://secunia.com/advisories/28479 Third Party Advisory
http://secunia.com/advisories/28679 Third Party Advisory
http://secunia.com/advisories/28698 Third Party Advisory
http://secunia.com/advisories/29638 Third Party Advisory
http://securitytracker.com/id?1019157 Vdb Entry
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894 X_refsource_confirm
http://www.postgresql.org/about/news.905 X_refsource_confirm
http://www.securityfocus.com/archive/1/485864/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/486407/100/0/threaded Mailing List
http://www.vupen.com/english/advisories/2008/0061 Vdb Entry
http://www.vupen.com/english/advisories/2008/0109 Vdb Entry
http://www.vupen.com/english/advisories/2008/1071/references Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39498 Vdb Entry
https://issues.rpath.com/browse/RPL-1768 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235 Signature
URL Date SRC
http://www.securityfocus.com/bid/27163 2018-10-15
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Postgresql | Postgresql | 7.3 | - | Affected
Postgresql | Postgresql | 7.3.1 | - | Affected
Postgresql | Postgresql | 7.3.2 | - | Affected
Postgresql | Postgresql | 7.3.3 | - | Affected
Postgresql | Postgresql | 7.3.4 | - | Affected
Postgresql | Postgresql | 7.3.6 | - | Affected
Postgresql | Postgresql | 7.3.8 | - | Affected
Postgresql | Postgresql | 7.3.9 | - | Affected
Postgresql | Postgresql | 7.3.10 | - | Affected
Postgresql | Postgresql | 7.3.11 | - | Affected
Postgresql | Postgresql | 7.3.12 | - | Affected
Postgresql | Postgresql | 7.3.13 | - | Affected
Postgresql | Postgresql | 7.3.14 | - | Affected
Postgresql | Postgresql | 7.3.15 | - | Affected
Postgresql | Postgresql | 7.3.16 | - | Affected
Postgresql | Postgresql | 7.3.19 | - | Affected
Postgresql | Postgresql | 7.4 | - | Affected
Postgresql | Postgresql | 7.4.1 | - | Affected
Postgresql | Postgresql | 7.4.2 | - | Affected
Postgresql | Postgresql | 7.4.3 | - | Affected
Postgresql | Postgresql | 7.4.4 | - | Affected
Postgresql | Postgresql | 7.4.5 | - | Affected
Postgresql | Postgresql | 7.4.6 | - | Affected
Postgresql | Postgresql | 7.4.7 | - | Affected
Postgresql | Postgresql | 7.4.8 | - | Affected
Postgresql | Postgresql | 7.4.9 | - | Affected
Postgresql | Postgresql | 7.4.10 | - | Affected
Postgresql | Postgresql | 7.4.11 | - | Affected
Postgresql | Postgresql | 7.4.12 | - | Affected
Postgresql | Postgresql | 7.4.13 | - | Affected
Postgresql | Postgresql | 7.4.14 | - | Affected
Postgresql | Postgresql | 7.4.16 | - | Affected
Postgresql | Postgresql | 7.4.17 | - | Affected
Postgresql | Postgresql | 8.0 | - | Affected
Postgresql | Postgresql | 8.0.1 | - | Affected
Postgresql | Postgresql | 8.0.2 | - | Affected
Postgresql | Postgresql | 8.0.3 | - | Affected
Postgresql | Postgresql | 8.0.4 | - | Affected
Postgresql | Postgresql | 8.0.5 | - | Affected
Postgresql | Postgresql | 8.0.7 | - | Affected
Postgresql | Postgresql | 8.0.8 | - | Affected
Postgresql | Postgresql | 8.0.9 | - | Affected
Postgresql | Postgresql | 8.0.11 | - | Affected
Postgresql | Postgresql | 8.0.13 | - | Affected
Postgresql | Postgresql | 8.0.317 | - | Affected
Postgresql | Postgresql | 8.1.1 | - | Affected
Postgresql | Postgresql | 8.1.3 | - | Affected
Postgresql | Postgresql | 8.1.4 | - | Affected
Postgresql | Postgresql | 8.1.5 | - | Affected
Postgresql | Postgresql | 8.1.7 | - | Affected
Postgresql | Postgresql | 8.1.8 | - | Affected
Postgresql | Postgresql | 8.1.9 | - | Affected
Postgresql | Postgresql | 8.2 | - | Affected
Postgresql | Postgresql | 8.2.2 | - | Affected
Postgresql | Postgresql | 8.2.3 | - | Affected
Postgresql | Postgresql | 8.2.4 | - | Affected
Tcl Tk | Tcl Tk | <= 8.4.16 | - | Affected