PT-2007-7495 · Pcre · Libpcre3-Dev+4
Publicado
1970-01-01
·
Atualizado
2018-10-15
·
CVE-2007-4768
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libpcrecpp0 versions prior to 7.3
libpcre3 versions prior to 7.3
libpcre versions prior to 7.3-r1
pcregrep versions prior to 7.3
libpcre3-dev versions prior to 7.3
Description
The issue involves multiple vulnerabilities in the PCRE library, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, a heap-based buffer overflow in the Perl-Compatible Regular Expression (PCRE) library before version 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
Recommendations
For libpcrecpp0 versions prior to 7.3, update to version 7.3 or later.
For libpcre3 versions prior to 7.3, update to version 7.3 or later.
For libpcre versions prior to 7.3-r1, update to version 7.3-r1 or later.
For pcregrep versions prior to 7.3, update to version 7.3 or later.
For libpcre3-dev versions prior to 7.3, update to version 7.3 or later.
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Libpcre
Libpcre3
Libpcre3-Dev
Libpcrecpp0
Pcregrep