CVE-2007-6067
Vulnerability Summary
Timeline
Description
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
CVSS Metrics
- v2.0•MEDIUM•Score: 6.8AV:N/AC:L/Au:S/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 0.53%• Percentile: 68%
Techniques & Countermeasures
- CWE-189•Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
Affected Systems
- postgresql•postgresql
7.3 | 7.3.1 | 7.3.2 | 7.3.3 | 7.3.4 | 7.3.6 | 7.3.8 | 7.3.9 | 7.3.10 | 7.3.11 | 7.3.12 | 7.3.13 | 7.3.14 | 7.3.15 | 7.3.16 | 7.3.19 | 7.4 | 7.4.1 | 7.4.2 | 7.4.3 | 7.4.4 | 7.4.5 | 7.4.6 | 7.4.7 | 7.4.8 | 7.4.9 | 7.4.10 | 7.4.11 | 7.4.12 | 7.4.13 | 7.4.14 | 7.4.16 | 7.4.17 | 8.0 | 8.0.1 | 8.0.2 | 8.0.3 | 8.0.4 | 8.0.5 | 8.0.7 | 8.0.8 | 8.0.9 | 8.0.11 | 8.0.13 | 8.0.317 | 8.1.1 | 8.1.3 | 8.1.4 | 8.1.5 | 8.1.7 | 8.1.8 | 8.1.9 | 8.2 | 8.2.2 | 8.2.3 | 8.2.4
- tcl_tk•tcl_tk
≤ 8.4.16
References (40)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
- http://www.debian.org/security/2008/dsa-1460
- http://rhn.redhat.com/errata/RHSA-2013-0122.html
- http://www.securityfocus.com/bid/27163
- https://issues.rpath.com/browse/RPL-1768
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39498
- http://secunia.com/advisories/28454
- http://www.securityfocus.com/archive/1/485864/100/0/threaded
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235
- http://secunia.com/advisories/28359
- http://www.postgresql.org/about/news.905
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://www.vupen.com/english/advisories/2008/0061
- http://secunia.com/advisories/28679
- http://www.vupen.com/english/advisories/2008/0109
- http://secunia.com/advisories/28376
- http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28455
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/29638
- http://secunia.com/advisories/28479
- http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
- http://www.debian.org/security/2008/dsa-1463
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://www.securityfocus.com/archive/1/486407/100/0/threaded
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28698
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- https://usn.ubuntu.com/568-1/
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
- http://secunia.com/advisories/28438
- http://securitytracker.com/id?1019157
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://www.vupen.com/english/advisories/2008/1071/references