CPANSA-Tcl-2007-6067-tcl: Tcl vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2008-01-09T00:00:00	Engine	CSAF Perl Toolkit 0.26
Current release date	2008-01-09T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score		Severity
Original language		Language	en
Also referred to

Vulnerability Description

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

Vulnerabilities

CVE-2007-6067

Vulnerability Description

Weakness	CWE-189 : Numeric Errors

Product status

Known affected

Product

Score

Tcl greater than or equal 0.89 and less than or equal 1.27

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
2.0	AV:N/AC:L/Au:S/C:N/I:N/A:C	6.8	Medium

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-Tcl-2007-6067-tcl JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2008/cpansa-tcl-2007-6067-tcl.json
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 external
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
http://www.postgresql.org/about/news.905 external
http://www.postgresql.org/about/news.905
http://www.securityfocus.com/bid/27163 external
http://www.securityfocus.com/bid/27163
http://securitytracker.com/id?1019157 external
http://securitytracker.com/id?1019157
http://secunia.com/advisories/28359 external
http://secunia.com/advisories/28359
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894 external
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 external
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
https://issues.rpath.com/browse/RPL-1768 external
https://issues.rpath.com/browse/RPL-1768
http://www.debian.org/security/2008/dsa-1460 external
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463 external
http://www.debian.org/security/2008/dsa-1463
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html external
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html external
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
http://www.redhat.com/support/errata/RHSA-2008-0038.html external
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 external
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://secunia.com/advisories/28376 external
http://secunia.com/advisories/28376
http://secunia.com/advisories/28438 external
http://secunia.com/advisories/28438
http://secunia.com/advisories/28437 external
http://secunia.com/advisories/28437
http://secunia.com/advisories/28454 external
http://secunia.com/advisories/28454
http://secunia.com/advisories/28464 external
http://secunia.com/advisories/28464
http://secunia.com/advisories/28477 external
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479 external
http://secunia.com/advisories/28479
http://secunia.com/advisories/28455 external
http://secunia.com/advisories/28455
http://security.gentoo.org/glsa/glsa-200801-15.xml external
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://secunia.com/advisories/28679 external
http://secunia.com/advisories/28679
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html external
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28698 external
http://secunia.com/advisories/28698
http://www.redhat.com/support/errata/RHSA-2008-0040.html external
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 external
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://secunia.com/advisories/29638 external
http://secunia.com/advisories/29638
http://www.vupen.com/english/advisories/2008/1071/references external
http://www.vupen.com/english/advisories/2008/1071/references
http://www.vupen.com/english/advisories/2008/0109 external
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/0061 external
http://www.vupen.com/english/advisories/2008/0061
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 external
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://rhn.redhat.com/errata/RHSA-2013-0122.html external
http://rhn.redhat.com/errata/RHSA-2013-0122.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 external
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://exchange.xforce.ibmcloud.com/vulnerabilities/39498 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/39498
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235 external
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235
https://usn.ubuntu.com/568-1/ external
https://usn.ubuntu.com/568-1/
http://www.securityfocus.com/archive/1/486407/100/0/threaded external
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/archive/1/485864/100/0/threaded external
http://www.securityfocus.com/archive/1/485864/100/0/threaded
CVE-2007-6067 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2007-6067

Revision history

Version	Date of the revision	Summary of the revision
1	Wed Jan 9 00:00:00 2008	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/