CVE-2006-7227 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-7227
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-7227

Description: Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

CVE Status: Candidate

References: SUSE http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://www.novell.com/linux/security/advisories/2007_62_pcre.html SAID Secunia Advisory: SA28406 Secunia Advisory: SA27869 Secunia Advisory: SA27773 Secunia Advisory: SA27741 Secunia Advisory: SA27582 Secunia Advisory: SA28414 Secunia Advisory: SA28658 Secunia Advisory: SA28714 Secunia Advisory: SA28720 Secunia Advisory: SA30155 Secunia Advisory: SA30219 Secunia Advisory: SA30106 REDHAT http://www.redhat.com/support/errata/RHSA-2007-1052.html MISC http://bugs.gentoo.org/show_bug.cgi?id=198976 http://scary.beasts.org/security/CESA-2007-006.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 GENTOO http://security.gentoo.org/glsa/glsa-200801-19.xml http://security.gentoo.org/glsa/glsa-200805-11.xml http://security.gentoo.org/glsa/glsa-200801-18.xml http://security.gentoo.org/glsa/glsa-200801-02.xml http://security.gentoo.org/glsa/glsa-200711-30.xml DEBIAN http://www.debian.org/security/2008/dsa-1570 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm http://www.pcre.org/changelog.txt BID 26462

Return to the previous page.