Buffer overflow vulnerability via Unicode sequences in the Perl-Compatible Regular Expression library (CVE-2007-4768)
CVSS v2.0 severity:
MEDIUM
Type:
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Publication date:
07/11/2007
Last modified:
09/04/2025
Description
Heap-based buffer overflow in the Perl-Compatible Regular Expression (PCRE) library before 7.3 allows local or remote attackers (depending on the context) to execute arbitrary code via a sequence of singleton Unicode characters in a character class of a regular expression pattern, which is incorrectly optimized.
Impact
Base score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | To |
|---|---|---|
| cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* | 6.0 (including) | |
| cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* | 6.1 (including) | |
| cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* | 7.3 (including) |
To consult the full list of CPE names with products and versions, see this page
References to solutions, tools and information
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://docs.info.apple.com/article.html?artnum=307179
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
- http://secunia.com/advisories/27538
- http://secunia.com/advisories/27543
- http://secunia.com/advisories/27554
- http://secunia.com/advisories/27697
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/28136
- http://secunia.com/advisories/28157
- http://secunia.com/advisories/28161
- http://secunia.com/advisories/28213
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://secunia.com/advisories/28570
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- http://secunia.com/advisories/29267
- http://secunia.com/advisories/29420
- http://secunia.com/advisories/30106
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://secunia.com/advisories/30507
- http://secunia.com/advisories/30840
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://securitytracker.com/id?1019116=
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
- http://www.adobe.com/support/security/bulletins/apsb07-20.html
- http://www.adobe.com/support/security/bulletins/apsb08-13.html
- http://www.debian.org/security/2007/dsa-1399
- http://www.debian.org/security/2008/dsa-1570
- http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A211
- http://www.redhat.com/support/errata/RHSA-2007-1126.html
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://www.securityfocus.com/bid/26346
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.us-cert.gov/cas/techalerts/TA07-355A.html
- http://www.vupen.com/english/advisories/2007/3725
- http://www.vupen.com/english/advisories/2007/3790
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2007/4258
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2008/1724/references
- http://www.vupen.com/english/advisories/2008/1966/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38278
- https://issues.rpath.com/browse/RPL-1738
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701
- https://usn.ubuntu.com/547-1/
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html



