CPANSA-Tcl-2007-4772-tcl: Tcl vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2008-01-09T00:00:00 | Engine | CSAF Perl Toolkit 0.26 |
| Current release date | 2008-01-09T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
Vulnerabilities
CVE-2007-4772
Vulnerability DescriptionThe regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
| Weakness | CWE-399 : Resource Management Errors |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Tcl greater than or equal 0.89 and less than or equal 1.27 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Tcl-2007-4772-tcl JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2008/cpansa-tcl-2007-4772-tcl.json - http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 external
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 - http://www.postgresql.org/about/news.905 external
http://www.postgresql.org/about/news.905 - http://www.securityfocus.com/bid/27163 external
http://www.securityfocus.com/bid/27163 - http://securitytracker.com/id?1019157 external
http://securitytracker.com/id?1019157 - http://secunia.com/advisories/28359 external
http://secunia.com/advisories/28359 - http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894 external
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894 - http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 external
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 - https://issues.rpath.com/browse/RPL-1768 external
https://issues.rpath.com/browse/RPL-1768 - http://www.debian.org/security/2008/dsa-1460 external
http://www.debian.org/security/2008/dsa-1460 - http://www.debian.org/security/2008/dsa-1463 external
http://www.debian.org/security/2008/dsa-1463 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html external
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html external
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html - http://www.redhat.com/support/errata/RHSA-2008-0038.html external
http://www.redhat.com/support/errata/RHSA-2008-0038.html - http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 external
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 - http://secunia.com/advisories/28376 external
http://secunia.com/advisories/28376 - http://secunia.com/advisories/28438 external
http://secunia.com/advisories/28438 - http://secunia.com/advisories/28437 external
http://secunia.com/advisories/28437 - http://secunia.com/advisories/28454 external
http://secunia.com/advisories/28454 - http://secunia.com/advisories/28464 external
http://secunia.com/advisories/28464 - http://secunia.com/advisories/28477 external
http://secunia.com/advisories/28477 - http://secunia.com/advisories/28479 external
http://secunia.com/advisories/28479 - http://secunia.com/advisories/28455 external
http://secunia.com/advisories/28455 - http://security.gentoo.org/glsa/glsa-200801-15.xml external
http://security.gentoo.org/glsa/glsa-200801-15.xml - http://secunia.com/advisories/28679 external
http://secunia.com/advisories/28679 - http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html external
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html - http://secunia.com/advisories/28698 external
http://secunia.com/advisories/28698 - http://www.redhat.com/support/errata/RHSA-2008-0040.html external
http://www.redhat.com/support/errata/RHSA-2008-0040.html - http://www.redhat.com/support/errata/RHSA-2008-0134.html external
http://www.redhat.com/support/errata/RHSA-2008-0134.html - http://secunia.com/advisories/29070 external
http://secunia.com/advisories/29070 - http://www.mandriva.com/security/advisories?name=MDVSA-2008:059 external
http://www.mandriva.com/security/advisories?name=MDVSA-2008:059 - http://secunia.com/advisories/29248 external
http://secunia.com/advisories/29248 - http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 external
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 - http://secunia.com/advisories/29638 external
http://secunia.com/advisories/29638 - http://www.vmware.com/security/advisories/VMSA-2008-0009.html external
http://www.vmware.com/security/advisories/VMSA-2008-0009.html - http://secunia.com/advisories/30535 external
http://secunia.com/advisories/30535 - http://www.vupen.com/english/advisories/2008/1071/references external
http://www.vupen.com/english/advisories/2008/1071/references - http://www.vupen.com/english/advisories/2008/0109 external
http://www.vupen.com/english/advisories/2008/0109 - http://www.vupen.com/english/advisories/2008/1744 external
http://www.vupen.com/english/advisories/2008/1744 - http://www.vupen.com/english/advisories/2008/0061 external
http://www.vupen.com/english/advisories/2008/0061 - http://rhn.redhat.com/errata/RHSA-2013-0122.html external
http://rhn.redhat.com/errata/RHSA-2013-0122.html - http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 external
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 - http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html external
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html - http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html external
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html - http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html external
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html - http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html external
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html - http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html external
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 external
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - https://exchange.xforce.ibmcloud.com/vulnerabilities/39497 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/39497 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569 external
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569 - https://usn.ubuntu.com/568-1/ external
https://usn.ubuntu.com/568-1/ - http://www.securityfocus.com/archive/1/493080/100/0/threaded external
http://www.securityfocus.com/archive/1/493080/100/0/threaded - http://www.securityfocus.com/archive/1/486407/100/0/threaded external
http://www.securityfocus.com/archive/1/486407/100/0/threaded - http://www.securityfocus.com/archive/1/485864/100/0/threaded external
http://www.securityfocus.com/archive/1/485864/100/0/threaded - CVE-2007-4772 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2007-4772
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Wed Jan 9 00:00:00 2008 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/