CVE-2007-6067

PostgreSQL 8.2-8.2.5, 8.1-8.1.10, 8.0-8.0.14, 7.4-7.4.18 - DoS via Complex Regex

Title source: llm

Description

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

References (40)

Core 40

Core References

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:004

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1460

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-0122.html

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27163

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-1768

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0038.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39498

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28454

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/485864/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28359

Various Sources x_refsource_confirm

http://www.postgresql.org/about/news.905

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0061

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28679

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0109

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28376

Exploit x_refsource_confirm

http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28437

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28455

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28477

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29638

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28479

Product x_refsource_confirm

http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1463

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0040.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/486407/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28464

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28698

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/568-1/

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28438

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1019157

Vendor Advisory x_refsource_confirm

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200801-15.xml

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1071/references

Scores

EPSS 0.0053

EPSS Percentile 67.6%

Details

CWE

CWE-189

Status published

Products (50)

postgresql/postgresql 7.3

postgresql/postgresql 7.3.1

postgresql/postgresql 7.3.2

postgresql/postgresql 7.3.3

postgresql/postgresql 7.3.4

postgresql/postgresql 7.3.6

postgresql/postgresql 7.3.8

postgresql/postgresql 7.3.9

postgresql/postgresql 7.3.10

postgresql/postgresql 7.3.11

... and 40 more

Published Jan 09, 2008

Tracked Since Feb 18, 2026