NVD Vulnerability Detail

CVE-2007-1659

Summary	Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
Publication Date	Nov. 8, 2007, 8:46 a.m.
Registration Date	Jan. 29, 2021, 2:09 p.m.
Last Update	Oct. 17, 2018, 1:39 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:pcre:pcre::::::::			7.3

Related information, measures and tools

No	URL	refsource	タグ
1	http://bugs.gentoo.org/show_bug.cgi?id=198976	MISC
2	http://docs.info.apple.com/article.html?artnum=307179	CONFIRM
3	http://docs.info.apple.com/article.html?artnum=307562	CONFIRM
4	http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html	APPLE
5	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	APPLE
6	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html	SUSE
7	http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html	MLIST
8	http://secunia.com/advisories/27538	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/27543	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/27547	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/27554	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/27598	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/27697	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/27741	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/27773	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/27965	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/28041	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/28136	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/28406	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/28414	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/28658	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/28714	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/28720	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/29267	SECUNIA	Vendor Advisory
25	http://secunia.com/advisories/29420	SECUNIA	Vendor Advisory
26	http://secunia.com/advisories/30106	SECUNIA
27	http://secunia.com/advisories/30155	SECUNIA	Vendor Advisory
28	http://secunia.com/advisories/30219	SECUNIA
29	http://security.gentoo.org/glsa/glsa-200711-30.xml	GENTOO
30	http://security.gentoo.org/glsa/glsa-200801-02.xml	GENTOO
31	http://security.gentoo.org/glsa/glsa-200801-18.xml	GENTOO
32	http://security.gentoo.org/glsa/glsa-200801-19.xml	GENTOO
33	http://security.gentoo.org/glsa/glsa-200805-11.xml	GENTOO
34	http://securitytracker.com/id?1018895	SECTRACK
35	http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm	CONFIRM
36	http://www.debian.org/security/2007/dsa-1399	DEBIAN
37	http://www.debian.org/security/2008/dsa-1570	DEBIAN
38	http://www.mandriva.com/security/advisories?name=MDKSA-2007:211	MANDRIVA
39	http://www.mandriva.com/security/advisories?name=MDKSA-2007:212	MANDRIVA
40	http://www.mandriva.com/security/advisories?name=MDVSA-2008:030	MANDRIVA
41	http://www.novell.com/linux/security/advisories/2007_25_sr.html	SUSE
42	http://www.novell.com/linux/security/advisories/2007_62_pcre.html	SUSE
43	http://www.pcre.org/changelog.txt	CONFIRM
44	http://www.redhat.com/support/errata/RHSA-2007-0967.html	REDHAT
45	http://www.redhat.com/support/errata/RHSA-2007-1068.html	REDHAT
46	http://www.securityfocus.com/archive/1/483357/100/0/threaded	BUGTRAQ
47	http://www.securityfocus.com/archive/1/483579/100/0/threaded	BUGTRAQ
48	http://www.securityfocus.com/bid/26346	BID	Patch
49	http://www.us-cert.gov/cas/techalerts/TA07-352A.html	CERT	US Government Resource
50	http://www.vupen.com/english/advisories/2007/3725	VUPEN
51	http://www.vupen.com/english/advisories/2007/3790	VUPEN
52	http://www.vupen.com/english/advisories/2007/4238	VUPEN
53	http://www.vupen.com/english/advisories/2008/0924/references	VUPEN
54	https://exchange.xforce.ibmcloud.com/vulnerabilities/38272	XF
55	https://issues.rpath.com/browse/RPL-1738	CONFIRM
56	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725	OVAL
57	https://usn.ubuntu.com/547-1/	UBUNTU
58	https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html	FEDORA

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

PCRE ライブラリにおける正規表現の取り扱いに関する任意のコードを実行される脆弱性

Title	PCRE ライブラリにおける正規表現の取り扱いに関する任意のコードを実行される脆弱性
Summary	Perl-Compatible Regular Expression (PCRE) ライブラリには、正規表現の取り扱いに不備があり、任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により PCRE を利用するプログラムをサービス運用妨害 (DoS) 状態にされる、もしくは任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 7, 2007, midnight
Registration Date	Nov. 27, 2007, 4:58 p.m.
Last Update	Sept. 2, 2013, 6:40 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

RHEL Desktop Workstation 5 (client)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X v10.5.2

Apple Mac OS X Server v10.4.11

Apple Mac OS X Server v10.5.2

pcre.org

PCRE 7.2 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-1659	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
National Vulnerability Database (NVD)
2	CVE-2007-1659	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1659

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	Security Update 2007-009	http://docs.info.apple.com/article.html?artnum=307179-en
2	Security Update 2008-002	http://support.apple.com/kb/HT1249
Apple セキュリティアップデート
3	Security Update 2007-009	http://docs.info.apple.com/article.html?artnum=307179-ja
4	Security Update 2008-002	http://support.apple.com/kb/HT1249?viewlocale=ja_JP&locale=ja_JP
Asianux Technical Support Network
5	pcre-6.6-2.1	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=73
opensuse-security-announce
6	SUSE-SA:2008:004	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
PCRE
7	Version 7.3 28-Aug-07	http://www.pcre.org/changelog.txt
Red Hat Security Advisory
8	RHSA-2007:0967	https://rhn.redhat.com/errata/RHSA-2007-0967.html
9	RHSA-2007:1068	https://rhn.redhat.com/errata/RHSA-2007-1068.html
レッドハットセキュリティーアップデート
10	RHSA-2007:0967	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0967J.html
11	RHSA-2007:1068	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-1068J.html

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2007-3725	http://www.frsirt.com/english/advisories/2007/3725
ISS X-Force Database
2	38272	http://xforce.iss.net/xforce/xfdb/38272
JVN
3	JVNTA08-079A	http://jvn.jp/cert/JVNTA08-079A/index.html
JVN Status Tracking Notes
4	TRTA08-079A	http://jvn.jp/tr/TRTA08-079A/index.html
Secunia Advisory
5	SA27543	http://secunia.com/advisories/27543/
SecurityFocus
6	26346	http://www.securityfocus.com/bid/26346
SecurityTracker
7	1018895	http://securitytracker.com/id?1018895
US-CERT Cyber Security Alerts
8	SA08-079A	http://www.us-cert.gov/cas/alerts/SA08-079A.html
US-CERT Technical Cyber Security Alert
9	TA08-079A	http://www.us-cert.gov/cas/techalerts/TA08-079A.html

Change Log

No	Changed Details	Date of change
0	[2007年11月27日] 掲載 [2007年12月17日] 影響を受けるシステム：ミラクル・リナックス (pcre-6.6-2.1) の情報追加影響を受けるシステム：レッドハット (RHSA-2007:1068) の情報追加ベンダ情報：ミラクル・リナックス (pcre-6.6-2.1) 追加ベンダ情報：レッドハット (RHSA-2007:1068) 追加 [2008年01月04日] 影響を受けるシステム：アップル (Security Update 2007-009) の情報追加ベンダ情報：アップル (Security Update 2007-009) 追加 [2008年04月01日] 影響を受けるシステム：アップル (Security Update 2008-002) の情報追加ベンダ情報：アップル (Security Update 2008-002) 追加 [2013年09月02日] ベンダ情報：openSUSE (SUSE-SA:2008:004) を追加	Feb. 17, 2018, 10:37 a.m.