Information Security


Multiple vulnerabilities in the PCRE and Perl regular expression libraries
Published: November 7, 2007
Source:
SecurityVulns ID: 8321
Type: library
Severity level: 7/10
Description: Buffer overflows and memory corruption with various regular expression patterns.
Affected products: PERL : perl 5.8
 PCRE : pcre 7.3
CVE: CVE-2007-5116
 CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.)
 CVE-2007-4767
 CVE-2007-4766
 CVE-2007-1662
 CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.)
 CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.)
 CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.)
Original text: DEBIAN, [SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution (07.11.2007)
 MANDRIVA, [ MDKSA-2007:207 ] - Updated perl packages fix vulnerability (07.11.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod