CVE-2006-7228 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2006-7228

CVE-2006-7228

November 14, 2007

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Related Resources (52)

http://secunia.com/advisories/28041

http://security.gentoo.org/glsa/glsa-200802-10.xml

http://www.redhat.com/support/errata/RHSA-2007-1077.html

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

http://scary.beasts.org/security/CESA-2007-006.html

http://www.vupen.com/english/advisories/2008/1234/references

https://bugzilla.redhat.com/show_bug.cgi?id=383371

http://www.securityfocus.com/bid/26462

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810

http://secunia.com/advisories/28714

http://secunia.com/advisories/27776

http://www.pcre.org/changelog.txt

http://secunia.com/advisories/28050

http://www.mandriva.com/security/advisories?name=MDVSA-2008:030

http://secunia.com/advisories/30106

http://secunia.com/advisories/27773

https://people.canonical.com/~ubuntu-security/cve/CVE-2006-7228

http://secunia.com/advisories/28658

http://bugs.gentoo.org/show_bug.cgi?id=198976

http://www.securityfocus.com/archive/1/488457/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2007-1063.html

http://secunia.com/advisories/30219

http://www.novell.com/linux/security/advisories/2007_62_pcre.html

http://www.debian.org/security/2008/dsa-1570

http://security.gentoo.org/glsa/glsa-200801-02.xml

http://secunia.com/advisories/29785

http://www.securityfocus.com/archive/1/490917/100/0/threaded

http://secunia.com/advisories/29032

http://secunia.com/advisories/28027

http://security.gentoo.org/glsa/glsa-200801-19.xml

http://www.redhat.com/support/errata/RHSA-2007-1068.html

http://secunia.com/advisories/28414

http://secunia.com/advisories/29085

http://www.vupen.com/english/advisories/2008/0637

http://security.gentoo.org/glsa/glsa-200711-30.xml

https://access.redhat.com/security/cve/CVE-2006-7228

http://www.redhat.com/support/errata/RHSA-2007-1065.html

http://lists.vmware.com/pipermail/security-announce/2008/000005.html

http://security.gentoo.org/glsa/glsa-200801-18.xml

http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm

http://secunia.com/advisories/28406

http://security.gentoo.org/glsa/glsa-200805-11.xml

http://www.redhat.com/support/errata/RHSA-2007-1076.html

http://secunia.com/advisories/30155

http://secunia.com/advisories/27582

http://www.redhat.com/support/errata/RHSA-2008-0546.html

http://secunia.com/advisories/28720

http://www.mandriva.com/security/advisories?name=MDVSA-2008:012

http://secunia.com/advisories/27741

http://www.redhat.com/support/errata/RHSA-2007-1059.html

http://lists.vmware.com/pipermail/security-announce/2008/000014.html

http://secunia.com/advisories/31124

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

6.8

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

EPSS

Base Score:

2.88