PT-2005-5572 · Pcre · Libpcre3-Dev+8
Published
1970-01-01
·
Updated
2018-10-15
·
CVE-2007-4766
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libpcrecpp0 versions prior to 7.3
libpcre3 versions prior to 7.3
libpcre versions prior to 7.3-r1
pcre-32bit versions prior to 7.3
pcregrep versions prior to 7.3
pcre versions prior to 7.3
libpcre3-dev versions prior to 7.3
pgrep versions prior to 7.3
pcre-devel versions prior to 7.3
Description
The issue involves multiple vulnerabilities in the PCRE library, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are caused by multiple integer overflows in the Perl-Compatible Regular Expression (PCRE) library, allowing context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
Recommendations
For libpcrecpp0 versions prior to 7.3, update to version 7.3 or later.
For libpcre3 versions prior to 7.3, update to version 7.3 or later.
For libpcre versions prior to 7.3-r1, update to version 7.3-r1 or later.
For pcre-32bit versions prior to 7.3, update to version 7.3 or later.
For pcregrep versions prior to 7.3, update to version 7.3 or later.
For pcre versions prior to 7.3, update to version 7.3 or later.
For libpcre3-dev versions prior to 7.3, update to version 7.3 or later.
For pgrep versions prior to 7.3, update to version 7.3 or later.
For pcre-devel versions prior to 7.3, update to version 7.3 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Libpcre
Libpcre3
Libpcre3-Dev
Libpcrecpp0
Pcre
Pcre-32Bit
Pcre-Devel
Pcregrep
Pgrep