Red Hat Customer Portal

Skip to main content

CVE-2007-1660

Impact:
Important
Public Date:
2007-11-05
Bugzilla:
315881: CVE-2007-1660 pcre regular expression flaws

The MITRE CVE dictionary describes this issue as:

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Find out more about CVE-2007-1660 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 2.1 (php) RHSA-2008:0546 2008-07-16
Red Hat Enterprise Linux 4 (pcre) RHSA-2007:0968 2007-11-05
Red Hat Enterprise Linux 3 (pcre) RHSA-2007:1063 2007-11-29
Red Hat Enterprise Linux 2.1 (pcre) RHSA-2007:1065 2007-11-29
Red Hat Enterprise Linux 5 (pcre) RHSA-2007:0967 2007-11-05

Acknowledgements

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues.