CVE-2007-1661

Published: Nov 7, 2007Modified: Apr 23, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

Affected (5)

Products: Pcre: Perl Compatible Regular Expression Library · Apple: Mac Os X, Mac Os X Server

Pcre

1 product

Perl Compatible Regular Expression Library

Apple

2 products

Mac Os X

Mac Os X Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Pcre Perl Compatible Regular Expression Library	Up to 7.2
Pcre Perl Compatible Regular Expression Library	Version 7.0
Pcre Perl Compatible Regular Expression Library	Version 7.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.4.11
Apple Mac Os X Server	Version 10.4.11

References (88)

http://bugs.gentoo.org/show_bug.cgi?id=198976

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307179

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307562

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Source: cve@mitre.org

http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html

Source: cve@mitre.org

http://secunia.com/advisories/27538

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27543

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27554

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27697

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27741

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27773

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28136

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28406

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28414

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28714

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28720

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29267

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29420

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30106

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30155

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30219

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200711-30.xml

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200801-02.xml

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200801-18.xml

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200801-19.xml

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200805-11.xml

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1399

Source: cve@mitre.org

Patch

http://www.debian.org/security/2008/dsa-1570

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:211

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2007_62_pcre.html

Source: cve@mitre.org

http://www.pcre.org/changelog.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/483357/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/483579/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/26346

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2007/3725

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3790

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/4238

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0924/references

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/38274

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-1738

Source: cve@mitre.org

https://usn.ubuntu.com/547-1/

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html

Source: cve@mitre.org

http://bugs.gentoo.org/show_bug.cgi?id=198976