PT-2005-5611 · Pcre · Pcre-Devel

Andrews Salomon · Published 1970-01-01 · Updated 2023-02-13 · CVE-2006-7227

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PCRE library versions prior to 6.7
libpcre versions prior to 7.3-r1
pcre-32bit (affected versions not specified)
pcre (affected versions not specified)
pcre-devel (affected versions not specified)

Description

The issue is related to an integer overflow in the Perl-Compatible Regular Expression (PCRE) library, which allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name count) or long subpattern names (max name size), triggering a buffer overflow. Multiple vulnerabilities in the PCRE library can lead to a violation of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations

For PCRE library versions prior to 6.7, update to version 6.7 or later. For libpcre versions prior to 7.3-r1, update to version 7.3-r1 or later. For pcre-32bit, pcre, and pcre-devel, there is currently no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.

Weakness Enumeration

Buffer Overflow

Related Identifiers

BDU:2015-04723
BDU:2015-04724
BDU:2015-04725
BDU:2015-09569
CVE-2006-7227
DSA-1570-1
RHSA-2007:1052
RHSA-2007_1052

Affected Products

Pcre
Red Hat
Libpcre
Pcre-32Bit
Pcre-Devel