CVE-2007-4768

Published Nov 7, 2007

Last updated 6 years ago

Overview

Description: Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "546807AB-6BF5-4A4C-A3E4-516C982BA751",
            "versionEndIncluding": "6.0"
          },
          {
            "criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C79718A-3ECF-4A5B-8C4D-B3458521248B",
            "versionEndIncluding": "6.1"
          },
          {
            "criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4523717D-521B-48D3-9664-07489B886917",
            "versionEndIncluding": "7.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References