CVE-2006-7230

Related Files

Debian Linux Security Advisory 1570-1

Posted May 6, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1570-1 - Andrews Salomon reported that kazehakase, a GTK+-base web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.

tags | advisory, web

systems | linux, debian

advisories | CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768

SHA-256 | fa6aec9ce94db20975693f5f321e7d96c3c11fc033799147ddb53375db168dc4

Download | Favorite | View

Mandriva Linux Security Advisory 2008-030

Posted Feb 1, 2008

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application.

tags | advisory, arbitrary, vulnerability

systems | linux, mandriva

advisories | CVE-2005-4872, CVE-2006-7225, CVE-2006-7226, CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659

SHA-256 | 6438dccbbad93fb63c20daae54da39a23d83c331dd646da101db534c1d021466

Download | Favorite | View

Gentoo Linux Security Advisory 200711-30

Posted Nov 26, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-30 - Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing \Q\E sequences with unmatched \E codes that can lead to the compiled bytecode being corrupted. PCRE does not properly calculate sizes for unspecified multiple forms of character class, which triggers a buffer overflow. Further improper calculations of memory boundaries were reported when matching certain input bytes against regex patterns in non UTF-8 mode and when searching for unmatched brackets or parentheses. Multiple integer overflows when processing escape sequences may lead to invalid memory read operations or potentially cause heap-based buffer overflows. PCRE does not properly handle \P and \P{x} sequences which can lead to heap-based buffer overflows or trigger the execution of infinite loops, PCRE is also prone to an error when optimizing character classes containing a singleton UTF-8 sequence which might lead to a heap-based buffer overflow. Versions less than 7.3-r1 are affected.

tags | advisory, overflow, vulnerability

systems | linux, gentoo

advisories | CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768

SHA-256 | 2cf13565c4553f4360f8a93a282b82bbdd945f46fb26b822c659e837a4d9ca2a

Download | Favorite | View