CVE-2006-7227

Advisory lineage Upstream: 0 Downstream: 3

Downstream

DEBIAN-CVE-2006-7227 DSA-1570-1 RHSA-2007:1052

Modified

Published: 14 Nov 2007, 21:00

Last modified:07 Aug 2024, 20:57

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

6.8 MEDIUM

v2.0 (nvd)

EPSS Score

2.32% LOW

2% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Nov 2007, 21:00

Published

Vulnerability first disclosed

07 Aug 2024, 20:57

Last Modified

Vulnerability information updated

Description

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

CVSS Metrics

v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 2.32%• Percentile: 85%

Techniques & Countermeasures

CWE-189•Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

pcre•pcre
≤ 6.6