CVE-2006-7228 - Vulnerability Details

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pcre	Pcre
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
pcre-0:3.4-2.4	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2007:1065	2007-11-29T00:00:00Z
python-0:1.5.2-43.72.2	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2007:1077	2007-12-10T00:00:00Z
php-0:4.1.2-2.20	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:0546	2008-07-16T00:00:00Z
Red Hat Enterprise Linux 3
pcre-0:3.9-10.4	cpe:/o:redhat:enterprise_linux:3	RHSA-2007:1063	2007-11-29T00:00:00Z
python-0:2.2.3-6.8	cpe:/o:redhat:enterprise_linux:3	RHSA-2007:1076	2007-12-10T00:00:00Z
Red Hat Enterprise Linux 4
pcre-0:4.5-4.el4_6.6	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:1068	2007-11-29T00:00:00Z
python-0:2.3.4-14.4.el4_6.1	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:1076	2007-12-10T00:00:00Z
Red Hat Enterprise Linux 5
pcre-0:6.6-2.el5_1.7	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:1059	2007-11-29T00:00:00Z

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
http://lists.vmware.com/pipermail/security-announce/2008/000014.html
http://scary.beasts.org/security/CESA-2007-006.html
http://secunia.com/advisories/27582
http://secunia.com/advisories/27741
http://secunia.com/advisories/27773
http://secunia.com/advisories/27776
http://secunia.com/advisories/28027
http://secunia.com/advisories/28041
http://secunia.com/advisories/28050
http://secunia.com/advisories/28406
http://secunia.com/advisories/28414
http://secunia.com/advisories/28658
http://secunia.com/advisories/28714
http://secunia.com/advisories/28720
http://secunia.com/advisories/29032
http://secunia.com/advisories/29085
http://secunia.com/advisories/29785
http://secunia.com/advisories/30106
http://secunia.com/advisories/30155
http://secunia.com/advisories/30219
http://secunia.com/advisories/31124
http://security.gentoo.org/glsa/glsa-200711-30.xml
http://security.gentoo.org/glsa/glsa-200801-02.xml
http://security.gentoo.org/glsa/glsa-200801-18.xml
http://security.gentoo.org/glsa/glsa-200801-19.xml
http://security.gentoo.org/glsa/glsa-200802-10.xml
http://security.gentoo.org/glsa/glsa-200805-11.xml
http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
http://www.debian.org/security/2008/dsa-1570
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
http://www.pcre.org/changelog.txt
http://www.redhat.com/support/errata/RHSA-2007-1059.html
http://www.redhat.com/support/errata/RHSA-2007-1063.html
http://www.redhat.com/support/errata/RHSA-2007-1065.html
http://www.redhat.com/support/errata/RHSA-2007-1068.html
http://www.redhat.com/support/errata/RHSA-2007-1076.html
http://www.redhat.com/support/errata/RHSA-2007-1077.html
http://www.redhat.com/support/errata/RHSA-2008-0546.html
http://www.securityfocus.com/archive/1/488457/100/0/threaded
http://www.securityfocus.com/archive/1/490917/100/0/threaded
http://www.securityfocus.com/bid/26462
http://www.vupen.com/english/advisories/2008/0637
http://www.vupen.com/english/advisories/2008/1234/references
https://bugzilla.redhat.com/show_bug.cgi?id=383371
https://nvd.nist.gov/vuln/detail/CVE-2006-7228
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810
https://www.cve.org/CVERecord?id=CVE-2006-7228

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-11-14T21:00:00

Updated: 2024-08-07T20:57:40.778Z

Reserved: 2007-11-14T00:00:00

Link: CVE-2006-7228

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-11-14T21:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-7228

Redhat

Severity : Important

Publid Date: 2007-11-07T00:00:00Z

Links: CVE-2006-7228 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371"}, {"name": "30219", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30219"}, {"name": "27776", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27776"}, {"name": "GLSA-200711-30", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"}, {"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"name": "28050", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28050"}, {"name": "MDVSA-2008:030", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"}, {"name": "RHSA-2008:0546", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"}, {"name": "DSA-1570", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1570"}, {"name": "SUSE-SA:2008:004", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"}, {"name": "28658", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28658"}, {"name": "27773", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27773"}, {"name": "28406", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28406"}, {"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"}, {"name": "29032", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29032"}, {"name": "RHSA-2007:1065", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"}, {"name": "31124", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31124"}, {"name": "29085", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29085"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"}, {"name": "RHSA-2007:1077", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"}, {"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"name": "26462", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26462"}, {"name": "29785", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29785"}, {"name": "RHSA-2007:1076", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"name": "RHSA-2007:1068", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"}, {"name": "ADV-2008-0637", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"name": "GLSA-200805-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"}, {"name": "RHSA-2007:1059", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"}, {"name": "ADV-2008-1234", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1234/references"}, {"name": "28041", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28041"}, {"name": "GLSA-200802-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200802-10.xml"}, {"name": "28027", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28027"}, {"name": "27741", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27741"}, {"name": "oval:org.mitre.oval:def:10810", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810"}, {"name": "MDVSA-2008:012", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"name": "SUSE-SA:2007:062", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.pcre.org/changelog.txt"}, {"name": "30155", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30155"}, {"name": "RHSA-2007:1063", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"}, {"name": "28720", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28720"}, {"name": "GLSA-200801-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"}, {"name": "27582", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27582"}, {"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"}, {"tags": ["x_refsource_MISC"], "url": "http://scary.beasts.org/security/CESA-2007-006.html"}, {"name": "GLSA-200801-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"}, {"name": "GLSA-200801-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"}, {"name": "28414", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28414"}, {"name": "30106", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30106"}, {"name": "28714", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28714"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:57:40.778Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371"}, {"name": "30219", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30219"}, {"name": "27776", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27776"}, {"name": "GLSA-200711-30", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"}, {"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"name": "28050", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28050"}, {"name": "MDVSA-2008:030", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"}, {"name": "RHSA-2008:0546", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"}, {"name": "DSA-1570", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1570"}, {"name": "SUSE-SA:2008:004", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"}, {"name": "28658", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28658"}, {"name": "27773", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27773"}, {"name": "28406", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28406"}, {"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"}, {"name": "29032", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29032"}, {"name": "RHSA-2007:1065", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"}, {"name": "31124", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31124"}, {"name": "29085", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29085"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"}, {"name": "RHSA-2007:1077", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"}, {"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"name": "26462", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26462"}, {"name": "29785", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29785"}, {"name": "RHSA-2007:1076", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"name": "RHSA-2007:1068", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"}, {"name": "ADV-2008-0637", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"name": "GLSA-200805-11", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"}, {"name": "RHSA-2007:1059", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"}, {"name": "ADV-2008-1234", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1234/references"}, {"name": "28041", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28041"}, {"name": "GLSA-200802-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200802-10.xml"}, {"name": "28027", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28027"}, {"name": "27741", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27741"}, {"name": "oval:org.mitre.oval:def:10810", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810"}, {"name": "MDVSA-2008:012", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"name": "SUSE-SA:2007:062", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.pcre.org/changelog.txt"}, {"name": "30155", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30155"}, {"name": "RHSA-2007:1063", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"}, {"name": "28720", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28720"}, {"name": "GLSA-200801-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"}, {"name": "27582", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27582"}, {"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://scary.beasts.org/security/CESA-2007-006.html"}, {"name": "GLSA-200801-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"}, {"name": "GLSA-200801-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"}, {"name": "28414", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28414"}, {"name": "30106", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30106"}, {"name": "28714", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28714"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-7228", "datePublished": "2007-11-14T21:00:00", "dateReserved": "2007-11-14T00:00:00", "dateUpdated": "2024-08-07T20:57:40.778Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*", "matchCriteriaId": "03C81A67-7297-4B87-956F-D61E11FEB9F4", "versionEndIncluding": "6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."}, {"lang": "es", "value": "Desbordamiento de entero en librer\u00eda Perl-Compatible Regular Expression (PCRE) anterior a 6.7 podr\u00eda permitir a atacantes locales o remotos (dependiendo del contexto) ejecutar c\u00f3digo de su elecci\u00f3n mediante una expresi\u00f3n regular que involucra grandes valores (1) min, (2) max, o (3) duplength que provocan un c\u00e1lculo incorrecto de la longitud y disparan un desbordamiento de b\u00fafer, una vulnerabilidad diferente de CVE-2006-7227. NOTA: este problema estaba incluido originalmente en CVE-2006-7224, pero ese CVE ha sido rechazado y dividido."}], "id": "CVE-2006-7228", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-14T21:46:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"}, {"source": "secalert@redhat.com", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"source": "secalert@redhat.com", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"}, {"source": "secalert@redhat.com", "url": "http://scary.beasts.org/security/CESA-2007-006.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://secunia.com/advisories/27582"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27741"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27773"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27776"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28027"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28041"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28050"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28406"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28414"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28658"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28714"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28720"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29032"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29085"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29785"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30106"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30155"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30219"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31124"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200802-10.xml"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1570"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"}, {"source": "secalert@redhat.com", "url": "http://www.pcre.org/changelog.txt"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/26462"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1234/references"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://scary.beasts.org/security/CESA-2007-006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://secunia.com/advisories/27582"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27773"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27776"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28027"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28414"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28714"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30219"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200802-10.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1570"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.pcre.org/changelog.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-1063.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-1065.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26462"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1234/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:1065", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "pcre-0:3.4-2.4", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-11-29T00:00:00Z"}, {"advisory": "RHSA-2007:1077", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "python-0:1.5.2-43.72.2", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-12-10T00:00:00Z"}, {"advisory": "RHSA-2008:0546", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "php-0:4.1.2-2.20", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2008-07-16T00:00:00Z"}, {"advisory": "RHSA-2007:1063", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "pcre-0:3.9-10.4", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-11-29T00:00:00Z"}, {"advisory": "RHSA-2007:1076", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "python-0:2.2.3-6.8", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-12-10T00:00:00Z"}, {"advisory": "RHSA-2007:1068", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "pcre-0:4.5-4.el4_6.6", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-11-29T00:00:00Z"}, {"advisory": "RHSA-2007:1076", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "python-0:2.3.4-14.4.el4_6.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-12-10T00:00:00Z"}, {"advisory": "RHSA-2007:1059", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "pcre-0:6.6-2.el5_1.7", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-11-29T00:00:00Z"}], "bugzilla": {"description": "pcre integer overflow", "id": "383371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371"}, "csaw": false, "cwe": "CWE-190", "details": ["Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."], "name": "CVE-2006-7228", "public_date": "2007-11-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-7228\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-7228"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object