CVE-2007-4772 — Infinite Loop in Postgresql

CWE-399 CWE-835 — Infinite Loop6 documents6 sources

Severity

4.0MEDIUMNVD

EPSS

0.3%

top 49.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql TCL TK Canonical Ubuntu Linux +1 more

Timeline

PublishedJan 9

Latest updateMay 1

Description

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDpostgresql/postgresql7.4 — 7.4.19+3

▶NVDtcl/tcl_tk< 8.4.17

Also affects: Debian Linux 3.1, Ubuntu Linux 6.06, 6.10, 7.04, 7.10

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-x3q3-v77f-cg26: The regular expression parser in TCL before 8↗2022-05-01

▶

CVEList

CVE-2007-4772: The regular expression parser in TCL before 8↗2008-01-09

▶

📋Vendor Advisories

Ubuntu

PostgreSQL vulnerabilities↗2008-01-14

▶

Red Hat

postgresql DoS via infinite loop in regex NFA optimization code↗2008-01-07

▶

💬Community

Bugzilla

CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code↗2007-10-03

▶