Browse Source
CVE-2007-1659 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patters containing unmatched "\Q\E" sequences with orphan "\E" codes. CVE-2007-1660 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. CVE-2007-1661 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. CVE-2007-1662 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. CVE-2007-4766 (High) : Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. CVE-2007-4767 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. CVE-2007-4768 (Medium) : Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.early
1 changed files with 4 additions and 4 deletions
@ -3,7 +3,7 @@
|
||||
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch. |
||||
[COPY] |
||||
[COPY] Filename: package/.../pcre/pcre.desc |
||||
[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project |
||||
[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project |
||||
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project |
||||
[COPY] Copyright (C) 1998 - 2003 Clifford Wolf |
||||
[COPY] |
||||
@ -32,12 +32,12 @@
|
||||
[M] The OpenSDE Community <[email protected]> |
||||
|
||||
[C] base/library |
||||
[F] LIBTOOL-QUIRK NOPARALLEL |
||||
[F] NOPARALLEL |
||||
|
||||
[L] BSD |
||||
[S] Stable |
||||
[V] 7.2 |
||||
[V] 7.6 |
||||
[P] X -----5---9 110.000 |
||||
|
||||
[D] 1461738484 pcre-7.2.tar.bz2 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ |
||||
[D] 2677790569 pcre-7.6.tar.bz2 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ |
||||
|
||||
|
Loading…
Reference in new issue