CVE-2007-1662 — Pcre vulnerability

8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

4.1%

top 11.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Glib2.0 Debian Pcre3 Pcre

Timeline

PublishedNov 7

Latest updateMay 1

Description

Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/pcre3< glib2.0 2.14.3-1 (bookworm)

▶NVDpcre/pcre7.3

▶debiandebian/glib2.0< glib2.0 2.14.3-1 (bookworm)

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-q97c-6vfp-vgp5: Perl-Compatible Regular Expression (PCRE) library before 7↗2022-05-01

▶

OSV

CVE-2007-1662: Perl-Compatible Regular Expression (PCRE) library before 7↗2007-11-07

▶

📋Vendor Advisories

Ubuntu

PCRE vulnerabilities↗2007-11-27

▶

Red Hat

: pcre < 7.3 unmatched bracket/paren past EoS read issue↗2007-11-05

▶

Debian

CVE-2007-1662: glib2.0 - Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end ...↗2007

▶

💬Community

Bugzilla

CVE-2007-1662: pcre < 7.3 unmatched bracket/paren past EoS read issue↗2007-11-20

▶

Bugzilla

Multiple PCRE flaws↗2007-09-26

▶