CVE Database

CVE-2007-1660

Impact: Important
Public: 2007-11-05
Bugzilla: 315881: CVE-2007-1660 pcre regular expression flaws

Details

The MITRE CVE dictionary describes this issue as:

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Find out more about CVE-2007-1660 from the MITRE CVE dictionary and NIST NVD.

Red Hat security errata

Platform                                      Errata          Release Date
Red Hat Enterprise Linux version 2.1 (pcre)   RHSA-2007:1065  November 29, 2007
Red Hat Enterprise Linux version 2.1 (php)    RHSA-2008:0546  July 16, 2008
Red Hat Enterprise Linux version 3 (pcre)     RHSA-2007:1063  November 29, 2007
Red Hat Enterprise Linux version 4 (pcre)     RHSA-2007:0968  November 05, 2007
Red Hat Enterprise Linux version 5 (pcre)     RHSA-2007:0967  November 05, 2007

Acknowledgements

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.