All the vulnerabilities related to tcl_tk - tcl_tk
Vulnerability from fkie_nvd
Published
2007-05-29 20:30
Modified
2024-11-21 00:31
Severity
HIGH (CVSS v2.0 base score 7.2, vector AV:L/AC:L/Au:N/C:C/I:C/A:C)
Summary
Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.
Impacted products
Vendor Product Version
tcl_tk tcl_tk * (versions up to and including 8.5a5)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2914EB31-D780-4B50-AE06-CE6FEED865A8",
              "versionEndIncluding": "8.5a5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en tcl/win/tclWinReg.c en Tcl (Tcl/Tk) anterior a 8.5a6 permite a usuarios locales obtener privilegios mediante rutas de clave de registro largas."
    }
  ],
  "id": "CVE-2007-2877",
  "lastModified": "2024-11-21T00:31:52.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-29T20:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36528"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25401"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=10894\u0026release_id=503937"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1682211\u0026group_id=10894\u0026atid=110894"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=10894\u0026release_id=503937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1682211\u0026group_id=10894\u0026atid=110894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34515"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-01-09 21:46
Modified
2024-11-21 00:39
Severity
MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:L/Au:S/C:N/I:N/A:C)
Summary
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
References
cve@mitre.org http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
cve@mitre.org http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
cve@mitre.org http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
cve@mitre.org http://rhn.redhat.com/errata/RHSA-2013-0122.html
cve@mitre.org http://secunia.com/advisories/28359 (Vendor Advisory)
cve@mitre.org http://secunia.com/advisories/28376
cve@mitre.org http://secunia.com/advisories/28437
cve@mitre.org http://secunia.com/advisories/28438
cve@mitre.org http://secunia.com/advisories/28454
cve@mitre.org http://secunia.com/advisories/28455
cve@mitre.org http://secunia.com/advisories/28464
cve@mitre.org http://secunia.com/advisories/28477
cve@mitre.org http://secunia.com/advisories/28479
cve@mitre.org http://secunia.com/advisories/28679
cve@mitre.org http://secunia.com/advisories/28698
cve@mitre.org http://secunia.com/advisories/29638
cve@mitre.org http://security.gentoo.org/glsa/glsa-200801-15.xml
cve@mitre.org http://securitytracker.com/id?1019157
cve@mitre.org http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
cve@mitre.org http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 (Exploit)
cve@mitre.org http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
cve@mitre.org http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
cve@mitre.org http://www.debian.org/security/2008/dsa-1460
cve@mitre.org http://www.debian.org/security/2008/dsa-1463
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
cve@mitre.org http://www.postgresql.org/about/news.905
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2008-0038.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2008-0040.html
cve@mitre.org http://www.securityfocus.com/archive/1/485864/100/0/threaded
cve@mitre.org http://www.securityfocus.com/archive/1/486407/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/27163 (Patch)
cve@mitre.org http://www.vupen.com/english/advisories/2008/0061
cve@mitre.org http://www.vupen.com/english/advisories/2008/0109
cve@mitre.org http://www.vupen.com/english/advisories/2008/1071/references
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/39498
cve@mitre.org https://issues.rpath.com/browse/RPL-1768
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235
cve@mitre.org https://usn.ubuntu.com/568-1/
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
af854a3a-2127-422b-91ae-364da2661108 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
af854a3a-2127-422b-91ae-364da2661108 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
af854a3a-2127-422b-91ae-364da2661108 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0122.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28359 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28376
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28437
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28438
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28454
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28455
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28464
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28477
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28479
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28679
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28698
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29638
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200801-15.xml
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1019157
af854a3a-2127-422b-91ae-364da2661108 http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
af854a3a-2127-422b-91ae-364da2661108 http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 (Exploit)
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2008/dsa-1460
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2008/dsa-1463
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
af854a3a-2127-422b-91ae-364da2661108 http://www.postgresql.org/about/news.905
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2008-0038.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2008-0040.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/485864/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/486407/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/27163 (Patch)
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/0061
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/0109
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/1071/references
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/39498
af854a3a-2127-422b-91ae-364da2661108 https://issues.rpath.com/browse/RPL-1768
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/568-1/
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
Impacted products
Vendor Product Version
postgresql postgresql 7.3
postgresql postgresql 7.3.1
postgresql postgresql 7.3.2
postgresql postgresql 7.3.3
postgresql postgresql 7.3.4
postgresql postgresql 7.3.6
postgresql postgresql 7.3.8
postgresql postgresql 7.3.9
postgresql postgresql 7.3.10
postgresql postgresql 7.3.11
postgresql postgresql 7.3.12
postgresql postgresql 7.3.13
postgresql postgresql 7.3.14
postgresql postgresql 7.3.15
postgresql postgresql 7.3.16
postgresql postgresql 7.3.19
postgresql postgresql 7.4
postgresql postgresql 7.4.1
postgresql postgresql 7.4.2
postgresql postgresql 7.4.3
postgresql postgresql 7.4.4
postgresql postgresql 7.4.5
postgresql postgresql 7.4.6
postgresql postgresql 7.4.7
postgresql postgresql 7.4.8
postgresql postgresql 7.4.9
postgresql postgresql 7.4.10
postgresql postgresql 7.4.11
postgresql postgresql 7.4.12
postgresql postgresql 7.4.13
postgresql postgresql 7.4.14
postgresql postgresql 7.4.16
postgresql postgresql 7.4.17
postgresql postgresql 8.0
postgresql postgresql 8.0.1
postgresql postgresql 8.0.2
postgresql postgresql 8.0.3
postgresql postgresql 8.0.4
postgresql postgresql 8.0.5
postgresql postgresql 8.0.7
postgresql postgresql 8.0.8
postgresql postgresql 8.0.9
postgresql postgresql 8.0.11
postgresql postgresql 8.0.13
postgresql postgresql 8.0.317
postgresql postgresql 8.1.1
postgresql postgresql 8.1.3
postgresql postgresql 8.1.4
postgresql postgresql 8.1.5
postgresql postgresql 8.1.7
postgresql postgresql 8.1.8
postgresql postgresql 8.1.9
postgresql postgresql 8.2
postgresql postgresql 8.2.2
postgresql postgresql 8.2.3
postgresql postgresql 8.2.4
tcl_tk tcl_tk * (versions up to and including 8.4.16)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4064A96D-84D5-4257-9981-1139CD4CD08C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98290E4-2919-4492-BD14-BB24BA85C729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B56E9F72-6CBF-4784-89CD-435A030AC0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DEF0FE5-EFCF-448E-B6BD-95FDDD4E17FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B480F0-8FFC-4463-ADC6-95906751811C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "629881D2-2A6D-4461-8C35-6EE575B63E6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A19EB5-A1AF-4293-854D-347CD21065DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B18ED293-B408-435F-9D1F-2365A2E51022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7106B29-76F3-43FD-BF57-4693D5B55076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B804CD-AE47-4B46-9B37-7F46D4C9A332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23E89A3-551D-42E2-90EC-59A9DAB4F854",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC46594-100B-459F-BCB7-1FA9D0719D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECD278B-55A7-4BCC-8AF1-004F02A96BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "95DB94EF-32AE-4DD9-A9A4-4F7D4BE5F1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE0ED225-91C8-4FA6-9E33-A1D1AA99AA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "99679F07-ED44-47EE-AD51-3139F30B88DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE2567C-BF48-4255-9E56-590A6F9DD932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8DDD98-9A2D-402D-9172-F3C4C4C97FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C8302B-631A-4DF7-839B-C6F3CC39E000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB318EB9-1B49-452A-92CF-89D9BA990AB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5913A53B-7B72-4CBD-ADAE-318333EB8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "815E58C0-327D-4F14-B496-05FC8179627E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF2D056-5120-4F98-8343-4EC31F962CFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "516E0E86-3D8A-43F9-9DD5-865F5C889FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A7A9D3C-4BB6-4974-BF96-6E6728196F4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "486EDE1B-37E0-4DDF-BFC9-C8C8945D5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC7F18-B227-4C46-9A33-FB34DDE456CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDB903F-0C89-4E65-857E-553CF9C192E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6BF8B1E-68F7-4F27-AD1F-FA02B256BDAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0DEB63-CA70-44C1-9491-E0790D1A8E21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8E73E5-BA41-4FA2-8457-803A97FB00C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4975D8ED-7DCB-430F-98E1-DB165D6DA7E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBF8CDE-5E75-4DF8-AE1A-B7377953917A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94222D76-82BE-4FFB-BE4B-5DBAF3080D4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D1232E-4D0A-4BDC-99F6-25AEE014E9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "105E9F52-D17E-4A0B-9C46-FD32A930B1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE2055D-AAA4-4A6A-918F-349A9749AF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C12409B2-161B-4F78-B7AD-3CF69DDCC574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2F1DA4-6625-469D-988B-5457B68851A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E26D52-D95A-4547-BE6E-4F142F54A624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAB2D1D-BE61-4D7C-B305-58B4F4126620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5F8D8B-34C5-4EBC-BB20-4D11191238B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE16023-9A5E-46D5-B597-E6885C224786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF2794E-6B48-496B-B6CA-CDC7FC2160CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.317:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E78663-EBEA-4C00-9CD0-2115676C86E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEEC35A2-B17C-46EC-8697-9E03568339BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B52D093-7867-4FE8-B055-D8190103A1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1A06EE-26BD-4CDA-AEB9-01124FC37E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF855730-C61C-4FDC-96CB-57775A903421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "992C3EC0-4C12-4FB0-8844-9EFB91DA95E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E3EBF1D-D5BD-4A22-B76A-2BAB21534E70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DC4E8A-A728-4734-B67A-C58C37DA90C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7213327F-6909-43A7-952E-11600C28D4E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F645F3-9767-4FD8-94EB-1096DF24E6C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C342A823-EF6F-4557-9F9E-D8893EA4C2BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85A443F-0802-412F-9AEE-3525311C93D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A797831-3F58-45FD-86F7-5B0A9AA038DB",
              "versionEndIncluding": "8.4.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de complejidad algor\u00edtmica en el analizador de la expresi\u00f3n regular en TCL en versiones anteriores a 8.4.17, tal como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones anteriores a 7.4.19, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de una expresi\u00f3n regular \"compleja\" manipulada con estados doblemente anidados."
    }
  ],
  "id": "CVE-2007-6067",
  "lastModified": "2024-11-21T00:39:18.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-09T21:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0122.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28359"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28376"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28437"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28438"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28454"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28455"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28464"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28477"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28479"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28679"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28698"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29638"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019157"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1460"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1463"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.postgresql.org/about/news.905"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27163"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0061"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0109"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1071/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39498"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1768"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/568-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0122.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/about/news.905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1071/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/568-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-02-07 21:00
Modified
2024-11-21 00:42
Severity ?
Summary
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
References
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
secalert@redhat.com | http://secunia.com/advisories/28784 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/28807 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/28848 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/28857 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/28867 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/28954 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/29069 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/29070 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/29622 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/30129 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/30188 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/30535 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/30717 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/30783 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/32608
secalert@redhat.com | http://securitytracker.com/id?1019309
secalert@redhat.com | http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1
secalert@redhat.com | http://ubuntu.com/usn/usn-664-1
secalert@redhat.com | http://wiki.rpath.com/Advisories:rPSA-2008-0054
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1490
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1491
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1598
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:041
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2008_13_sr.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0134.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0135.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0136.html
secalert@redhat.com | http://www.securityfocus.com/archive/1/488069/100/0/threaded
secalert@redhat.com | http://www.securityfocus.com/archive/1/493080/100/0/threaded
secalert@redhat.com | http://www.securityfocus.com/bid/27655 | Patch
secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2008-0009.html
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0430 | Vendor Advisory
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/1456/references | Vendor Advisory
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/1744 | Vendor Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=431518
secalert@redhat.com | https://issues.rpath.com/browse/RPL-2215
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28784 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28807 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28848 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28857 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28867 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28954 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29069 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29070 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29622 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30129 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30188 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30535 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30717 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30783 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32608
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019309
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1
af854a3a-2127-422b-91ae-364da2661108 | http://ubuntu.com/usn/usn-664-1
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2008-0054
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1490
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1491
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1598
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:041
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2008_13_sr.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0134.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0135.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0136.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/488069/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493080/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27655 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0009.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0430 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1456/references | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1744 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=431518
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-2215
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF6AAA4-A3BD-4436-B5A5-070AC79F260D",
              "versionEndIncluding": "8.4.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F06FEF3-A290-4256-ADB7-BC6E59A57852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F451113-3A1C-455C-A328-149121C8C204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:4.0p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A85D7C-DF70-4AF6-94F0-881D35082E48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E131184A-BD9E-41CF-B3D0-AB9E87834C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:6.1p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "546DC29B-2A50-420A-AECD-EF526363AF2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B5AC3C-9F3E-499F-9EA7-5A0F9A889934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9819E03A-8A9E-4483-BBEB-4B3708798960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D7BBC1-70C7-4509-B9A7-4B08615B1BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CCF8D59-9712-4C55-A680-7DD7C17EE8C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF4B0EEA-735E-4BB6-96E4-133F293A7295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2545F45-2F35-442B-84BA-DC7649E55672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77D4364D-9BB0-47A2-BFA6-37C369C3E6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A799BDBF-A56B-4125-A385-5FF87A0B069A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4DCB1D-DD71-4C85-97E6-55AB467A8CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "509225EF-4423-45AE-AC86-5CF7188DF7B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:7.5p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B924063-CD33-44ED-BBB6-42FC6A12BD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C9F9F96-DE6F-4B77-8715-360543E95E19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:7.6p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F297D4B0-40DE-4728-B840-584441AB809B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C60D84-229A-43CA-8481-5634A3CFBF1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "05182123-3F45-4936-A7F1-5B1328C81C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9583698-C566-40DF-912F-325454C74F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E514C1-574A-41B3-84AB-50014CDAEE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.0p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A43DF20C-5EE3-45AC-A4B9-8C0DC9EC1840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A3CFE21-4641-4982-9791-ABD3FE1311BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5FFF507-18EE-4C64-BB86-48C97D7C9CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C64F535C-A346-456F-AD99-8B135121390C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B6F5E4-CE71-4359-8F05-4DF63E31BF6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49767838-28BB-4B95-B70C-CD945B3E6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA597D-65CA-43B4-9742-F8FA7EB1CDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1734A66C-D961-4740-82F4-F93B6D502C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F9AD15-E604-4048-97C2-480AF00BE3C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C10E232-F532-4F2E-9DA7-44C10719CAC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9E15B7-5018-4941-8DC9-A6FC84262F31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB3FDAD-D0AD-410B-9FB3-001978DA0AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4793F51C-293F-4A56-8789-B04FE3CBA958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270A67C9-96BC-4B36-8B66-2EFFB7708C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "955AA2E1-9B15-431C-8A24-DC2A06E24715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F55BFF-E9E1-4C97-A0DB-5F905406C55E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8536661B-E5A9-4D08-BC0E-0770A37E0545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "574D7E14-49CE-478F-BD12-804F13146E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5165B956-F82A-4500-8B04-ADA0A100C4EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CB2CB3-BBC6-4F69-BDEB-53377444BD61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "56710692-2D3A-4FB1-A3FD-8875946B7130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "219B6B61-C2CE-418B-81A0-C9CEE6B9474A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "18EA39DD-B688-420B-A0EC-CE6F99DE2BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6103F8D2-277F-4ECF-B72C-90E97896758B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C5C1CF-6DAF-4521-AFE9-606A5436C40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70C2629-E2C1-422D-BDFA-1E0495A5ED4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "89651A15-A000-42A8-9268-4014BF34410A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B54926-8A20-4743-9F9B-D255A84FE6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "39901A5E-7CB4-42C8-90A1-25487BA0FC4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA3ECB75-5962-4362-98CF-CC31F72ED021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0689AA7-2B44-4202-B782-E47612115700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4a3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2BA9A0-AE55-4F30-B27D-E48F2371F29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4a4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8A3AA4-2236-40BA-99BB-A215B69230A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D892065-8B50-48FE-8716-09F351104FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDEEDB4-DA0A-45EF-A8BA-079671E10F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE930FC-E77F-4EB8-A3B8-E4B1A6433BFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5_a3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA27B876-A7F8-4805-B653-21D31D06CFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2872DCD-CD4E-4341-BE3F-0CED3F06B934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D3DE5A6-F00A-4AA5-9974-B8D2B1DE1084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5a3:*:*:*:*:*:*:*",
              "matchCriteriaId": "514AD04E-39AE-49FB-AB26-B425F1D5B34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5a4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE837C2-2C20-4F8B-A92C-0F5D97974522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5a5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA678572-F6AE-4CC3-AE58-D420D695A297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5a6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D643E2-5344-4B34-AD4B-20B4870E40F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "41FEC657-2316-45B6-B9DC-1F87C9A74CB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCEDEAA3-3EA8-4BF4-8A27-4F485AD60E15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.5b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D387207-B013-4D8A-82C4-F4B6FB004E09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n ReadImage en el archivo tkImgGIF.c en Tk (Tcl/Tk) versiones anteriores a 8.5.1, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una imagen GIF dise\u00f1ada, un problema similar a CVE-2006-4484."
    }
  ],
  "id": "CVE-2008-0553",
  "lastModified": "2024-11-21T00:42:22.263",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-07T21:00:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28784"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28807"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28848"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28857"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28867"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28954"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29069"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29070"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29622"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30129"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30188"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30535"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30717"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30783"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32608"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1019309"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=573933\u0026group_id=10894"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ubuntu.com/usn/usn-664-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0054"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1490"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1491"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1598"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:041"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0134.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0135.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/488069/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27655"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0430"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1456/references"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431518"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-2215"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=573933\u0026group_id=10894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ubuntu.com/usn/usn-664-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0134.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488069/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1456/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-09-28 21:17
Modified
2024-11-21 00:37
Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; user interaction required)
Summary
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
References
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=192539
cve@mitre.org | http://secunia.com/advisories/26942 | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/27086
cve@mitre.org | http://secunia.com/advisories/27182
cve@mitre.org | http://secunia.com/advisories/27207
cve@mitre.org | http://secunia.com/advisories/27229
cve@mitre.org | http://secunia.com/advisories/27295
cve@mitre.org | http://secunia.com/advisories/29069
cve@mitre.org | http://secunia.com/advisories/34297
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200710-07.xml
cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=541207 | Patch
cve@mitre.org | http://www.attrition.org/pipermail/vim/2007-October/001826.html
cve@mitre.org | http://www.debian.org/security/2009/dsa-1743
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:200
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_20_sr.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0136.html
cve@mitre.org | http://www.securityfocus.com/bid/25826
cve@mitre.org | http://www.ubuntu.com/usn/usn-529-1
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=192539
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26942 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27086
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27182
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27207
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27229
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27295
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29069
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34297
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200710-07.xml
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=541207 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.attrition.org/pipermail/vim/2007-October/001826.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1743
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:200
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_20_sr.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0136.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25826
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-529-1
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html
Impacted products
Vendor Product Version
tcl_tk tcl_tk 8.4.13
tcl_tk tcl_tk 8.4.14
tcl_tk tcl_tk 8.4.15



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "89651A15-A000-42A8-9268-4014BF34410A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B54926-8A20-4743-9F9B-D255A84FE6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:8.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "39901A5E-7CB4-42C8-90A1-25487BA0FC4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first.  NOTE: this issue is due to an incorrect patch for CVE-2007-5378."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la funci\u00f3n ReadImage en el archivo generic/tkImgGIF.c en Tcl (Tcl/Tk) versiones 8.4.13 hasta 8.4.15, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de archivos GIF entrelazados de m\u00falti-trama en los que las tramas posteriores son m\u00e1s peque\u00f1as que la primera. NOTA: este problema es debido a un parche incorrecto para CVE-2007-5378."
    }
  ],
  "id": "CVE-2007-5137",
  "lastModified": "2024-11-21T00:37:12.693",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-09-28T21:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=192539"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26942"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27086"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27182"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27207"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27229"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27295"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29069"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34297"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200710-07.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=541207"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001826.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1743"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25826"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-529-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=192539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200710-07.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=541207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001826.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-529-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5137\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2007-10-09T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-01-09 21:46
Modified
2024-11-21 00:36
Severity ?
Summary
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
References
cve@mitre.org | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
cve@mitre.org | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
cve@mitre.org | http://secunia.com/advisories/28359 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/28376 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/28437 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/28438 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/28454 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/28455 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/28464 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/28477
cve@mitre.org | http://secunia.com/advisories/28479 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/28679 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/28698 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/29638 | Vendor Advisory
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-15.xml
cve@mitre.org | http://securitytracker.com/id?1019157
cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
cve@mitre.org | http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
cve@mitre.org | http://www.debian.org/security/2008/dsa-1460
cve@mitre.org | http://www.debian.org/security/2008/dsa-1463
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
cve@mitre.org | http://www.postgresql.org/about/news.905
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0038.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0040.html
cve@mitre.org | http://www.securityfocus.com/archive/1/485864/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/archive/1/486407/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/bid/27163 | Patch
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0061 | Vendor Advisory
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0109 | Vendor Advisory
cve@mitre.org | http://www.vupen.com/english/advisories/2008/1071/references
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/39499
cve@mitre.org | https://issues.rpath.com/browse/RPL-1768
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804
cve@mitre.org | https://usn.ubuntu.com/568-1/
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28359 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28376 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28437 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28438 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28454 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28455 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28464 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28477
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28479 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28679 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28698 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29638 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-15.xml
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019157
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1460
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1463
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
af854a3a-2127-422b-91ae-364da2661108 | http://www.postgresql.org/about/news.905
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0038.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0040.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/485864/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/486407/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27163 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0061 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0109 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1071/references
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/39499
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1768
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/568-1/
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
Impacted products
Vendor Product Version
postgresql postgresql 7.3
postgresql postgresql 7.3.1
postgresql postgresql 7.3.2
postgresql postgresql 7.3.3
postgresql postgresql 7.3.4
postgresql postgresql 7.3.6
postgresql postgresql 7.3.8
postgresql postgresql 7.3.9
postgresql postgresql 7.3.10
postgresql postgresql 7.3.11
postgresql postgresql 7.3.12
postgresql postgresql 7.3.13
postgresql postgresql 7.3.14
postgresql postgresql 7.3.15
postgresql postgresql 7.3.16
postgresql postgresql 7.3.19
postgresql postgresql 7.4
postgresql postgresql 7.4.1
postgresql postgresql 7.4.2
postgresql postgresql 7.4.3
postgresql postgresql 7.4.4
postgresql postgresql 7.4.5
postgresql postgresql 7.4.6
postgresql postgresql 7.4.7
postgresql postgresql 7.4.8
postgresql postgresql 7.4.9
postgresql postgresql 7.4.10
postgresql postgresql 7.4.11
postgresql postgresql 7.4.12
postgresql postgresql 7.4.13
postgresql postgresql 7.4.14
postgresql postgresql 7.4.16
postgresql postgresql 7.4.17
postgresql postgresql 8.0
postgresql postgresql 8.0.1
postgresql postgresql 8.0.2
postgresql postgresql 8.0.3
postgresql postgresql 8.0.4
postgresql postgresql 8.0.5
postgresql postgresql 8.0.7
postgresql postgresql 8.0.8
postgresql postgresql 8.0.9
postgresql postgresql 8.0.11
postgresql postgresql 8.0.13
postgresql postgresql 8.0.317
postgresql postgresql 8.1.1
postgresql postgresql 8.1.3
postgresql postgresql 8.1.4
postgresql postgresql 8.1.5
postgresql postgresql 8.1.7
postgresql postgresql 8.1.8
postgresql postgresql 8.1.9
postgresql postgresql 8.2
postgresql postgresql 8.2.2
postgresql postgresql 8.2.3
postgresql postgresql 8.2.4
tcl_tk tcl_tk *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4064A96D-84D5-4257-9981-1139CD4CD08C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98290E4-2919-4492-BD14-BB24BA85C729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B56E9F72-6CBF-4784-89CD-435A030AC0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DEF0FE5-EFCF-448E-B6BD-95FDDD4E17FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B480F0-8FFC-4463-ADC6-95906751811C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "629881D2-2A6D-4461-8C35-6EE575B63E6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A19EB5-A1AF-4293-854D-347CD21065DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B18ED293-B408-435F-9D1F-2365A2E51022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7106B29-76F3-43FD-BF57-4693D5B55076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B804CD-AE47-4B46-9B37-7F46D4C9A332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23E89A3-551D-42E2-90EC-59A9DAB4F854",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC46594-100B-459F-BCB7-1FA9D0719D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECD278B-55A7-4BCC-8AF1-004F02A96BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "95DB94EF-32AE-4DD9-A9A4-4F7D4BE5F1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE0ED225-91C8-4FA6-9E33-A1D1AA99AA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "99679F07-ED44-47EE-AD51-3139F30B88DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE2567C-BF48-4255-9E56-590A6F9DD932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8DDD98-9A2D-402D-9172-F3C4C4C97FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C8302B-631A-4DF7-839B-C6F3CC39E000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB318EB9-1B49-452A-92CF-89D9BA990AB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5913A53B-7B72-4CBD-ADAE-318333EB8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "815E58C0-327D-4F14-B496-05FC8179627E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF2D056-5120-4F98-8343-4EC31F962CFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "516E0E86-3D8A-43F9-9DD5-865F5C889FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A7A9D3C-4BB6-4974-BF96-6E6728196F4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "486EDE1B-37E0-4DDF-BFC9-C8C8945D5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC7F18-B227-4C46-9A33-FB34DDE456CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDB903F-0C89-4E65-857E-553CF9C192E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6BF8B1E-68F7-4F27-AD1F-FA02B256BDAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0DEB63-CA70-44C1-9491-E0790D1A8E21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8E73E5-BA41-4FA2-8457-803A97FB00C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4975D8ED-7DCB-430F-98E1-DB165D6DA7E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBF8CDE-5E75-4DF8-AE1A-B7377953917A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94222D76-82BE-4FFB-BE4B-5DBAF3080D4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D1232E-4D0A-4BDC-99F6-25AEE014E9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "105E9F52-D17E-4A0B-9C46-FD32A930B1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE2055D-AAA4-4A6A-918F-349A9749AF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C12409B2-161B-4F78-B7AD-3CF69DDCC574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2F1DA4-6625-469D-988B-5457B68851A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E26D52-D95A-4547-BE6E-4F142F54A624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAB2D1D-BE61-4D7C-B305-58B4F4126620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5F8D8B-34C5-4EBC-BB20-4D11191238B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE16023-9A5E-46D5-B597-E6885C224786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF2794E-6B48-496B-B6CA-CDC7FC2160CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.317:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E78663-EBEA-4C00-9CD0-2115676C86E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEEC35A2-B17C-46EC-8697-9E03568339BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B52D093-7867-4FE8-B055-D8190103A1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1A06EE-26BD-4CDA-AEB9-01124FC37E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF855730-C61C-4FDC-96CB-57775A903421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "992C3EC0-4C12-4FB0-8844-9EFB91DA95E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E3EBF1D-D5BD-4A22-B76A-2BAB21534E70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DC4E8A-A728-4734-B67A-C58C37DA90C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7213327F-6909-43A7-952E-11600C28D4E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F645F3-9767-4FD8-94EB-1096DF24E6C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C342A823-EF6F-4557-9F9E-D8893EA4C2BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85A443F-0802-412F-9AEE-3525311C93D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tcl_tk:tcl_tk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A797831-3F58-45FD-86F7-5B0A9AA038DB",
              "versionEndIncluding": "8.4.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number."
    },
    {
      "lang": "es",
      "value": "El analizador de expresiones regulares en TCL versiones anteriores a 8.4.17, como es usado en PostgreSQL versiones 8.2 anteriores a 8.2.6, versiones 8.1 anteriores a 8.1.11, versiones 8.0 anteriores a 8.0.15 y versiones 7.4 anteriores a 7.4.19, permite a usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del backend) por medio de un n\u00famero backref fuera de l\u00edmites."
    }
  ],
  "id": "CVE-2007-4769",
  "lastModified": "2024-11-21T00:36:24.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-09T21:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28376"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28437"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28438"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28454"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28455"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28464"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28479"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28679"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28698"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29638"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019157"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1460"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1463"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.postgresql.org/about/news.905"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27163"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0061"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0109"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1071/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39499"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1768"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/568-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/about/news.905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1071/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39499"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/568-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2007-2877
Vulnerability from cvelistv5
Published
2007-05-29 20:00
Modified
2024-08-07 13:57
Severity ?
Summary
Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:54.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1682211\u0026group_id=10894\u0026atid=110894"
          },
          {
            "name": "36528",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36528"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=10894\u0026release_id=503937"
          },
          {
            "name": "tcl-tclwinreg-bo(34515)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34515"
          },
          {
            "name": "25401",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25401"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1682211\u0026group_id=10894\u0026atid=110894"
        },
        {
          "name": "36528",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36528"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=10894\u0026release_id=503937"
        },
        {
          "name": "tcl-tclwinreg-bo(34515)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34515"
        },
        {
          "name": "25401",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25401"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2877",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1682211\u0026group_id=10894\u0026atid=110894",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1682211\u0026group_id=10894\u0026atid=110894"
            },
            {
              "name": "36528",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36528"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=10894\u0026release_id=503937",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=10894\u0026release_id=503937"
            },
            {
              "name": "tcl-tclwinreg-bo(34515)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34515"
            },
            {
              "name": "25401",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25401"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2877",
    "datePublished": "2007-05-29T20:00:00",
    "dateReserved": "2007-05-29T00:00:00",
    "dateUpdated": "2024-08-07T13:57:54.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0553
Vulnerability from cvelistv5
Published
2008-02-07 20:00
Modified
2024-08-07 07:46
Severity ?
Summary
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
References
http://secunia.com/advisories/30129 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28784 — third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0134.html — vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2008/dsa-1598 — vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/488069/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/1744 — vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/29622 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/27655 — vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html — vendor-advisory, x_refsource_SUSE
http://ubuntu.com/usn/usn-664-1 — vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2008/1456/references — vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/28857 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30783 — third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-2215 — x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html — x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098 — vdb-entry, signature, x_refsource_OVAL
http://www.debian.org/security/2008/dsa-1490 — vendor-advisory, x_refsource_DEBIAN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 — vendor-advisory, x_refsource_SUNALERT
http://www.redhat.com/support/errata/RHSA-2008-0136.html — vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=431518 — x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/0430 — vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/28954 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30535 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30188 — third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html — vendor-advisory, x_refsource_FEDORA
http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894 — x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/493080/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html — vendor-advisory, x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html — vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/32608 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/29070 — third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html — vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/28848 — third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0135.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/29069 — third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html — vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/28867 — third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1019309 — vdb-entry, x_refsource_SECTRACK
http://wiki.rpath.com/Advisories:rPSA-2008-0054 — x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2008:041 — vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2008/dsa-1491 — vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/28807 — third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2008_13_sr.html — vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/30717 — third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:55.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30129",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30129"
          },
          {
            "name": "28784",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28784"
          },
          {
            "name": "RHSA-2008:0134",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0134.html"
          },
          {
            "name": "DSA-1598",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1598"
          },
          {
            "name": "20080212 rPSA-2008-0054-1 tk",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488069/100/0/threaded"
          },
          {
            "name": "ADV-2008-1744",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1744"
          },
          {
            "name": "29622",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29622"
          },
          {
            "name": "27655",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27655"
          },
          {
            "name": "SUSE-SR:2008:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
          },
          {
            "name": "USN-664-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-664-1"
          },
          {
            "name": "ADV-2008-1456",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1456/references"
          },
          {
            "name": "28857",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28857"
          },
          {
            "name": "30783",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30783"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2215"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10098",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098"
          },
          {
            "name": "DSA-1490",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1490"
          },
          {
            "name": "237465",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1"
          },
          {
            "name": "RHSA-2008:0136",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431518"
          },
          {
            "name": "ADV-2008-0430",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0430"
          },
          {
            "name": "28954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28954"
          },
          {
            "name": "30535",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30535"
          },
          {
            "name": "30188",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30188"
          },
          {
            "name": "FEDORA-2008-1131",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=573933\u0026group_id=10894"
          },
          {
            "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
          },
          {
            "name": "FEDORA-2008-1384",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html"
          },
          {
            "name": "FEDORA-2008-1122",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html"
          },
          {
            "name": "32608",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32608"
          },
          {
            "name": "29070",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29070"
          },
          {
            "name": "FEDORA-2008-3545",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html"
          },
          {
            "name": "28848",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28848"
          },
          {
            "name": "RHSA-2008:0135",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0135.html"
          },
          {
            "name": "29069",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29069"
          },
          {
            "name": "FEDORA-2008-1323",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html"
          },
          {
            "name": "28867",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28867"
          },
          {
            "name": "1019309",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019309"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0054"
          },
          {
            "name": "MDVSA-2008:041",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:041"
          },
          {
            "name": "DSA-1491",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1491"
          },
          {
            "name": "28807",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28807"
          },
          {
            "name": "SUSE-SR:2008:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
          },
          {
            "name": "30717",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30717"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "30129",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30129"
        },
        {
          "name": "28784",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28784"
        },
        {
          "name": "RHSA-2008:0134",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0134.html"
        },
        {
          "name": "DSA-1598",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1598"
        },
        {
          "name": "20080212 rPSA-2008-0054-1 tk",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488069/100/0/threaded"
        },
        {
          "name": "ADV-2008-1744",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1744"
        },
        {
          "name": "29622",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29622"
        },
        {
          "name": "27655",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27655"
        },
        {
          "name": "SUSE-SR:2008:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
        },
        {
          "name": "USN-664-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-664-1"
        },
        {
          "name": "ADV-2008-1456",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1456/references"
        },
        {
          "name": "28857",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28857"
        },
        {
          "name": "30783",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30783"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2215"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10098",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098"
        },
        {
          "name": "DSA-1490",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1490"
        },
        {
          "name": "237465",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1"
        },
        {
          "name": "RHSA-2008:0136",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431518"
        },
        {
          "name": "ADV-2008-0430",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0430"
        },
        {
          "name": "28954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28954"
        },
        {
          "name": "30535",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30535"
        },
        {
          "name": "30188",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30188"
        },
        {
          "name": "FEDORA-2008-1131",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=573933\u0026group_id=10894"
        },
        {
          "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
        },
        {
          "name": "FEDORA-2008-1384",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html"
        },
        {
          "name": "FEDORA-2008-1122",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html"
        },
        {
          "name": "32608",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32608"
        },
        {
          "name": "29070",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29070"
        },
        {
          "name": "FEDORA-2008-3545",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html"
        },
        {
          "name": "28848",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28848"
        },
        {
          "name": "RHSA-2008:0135",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0135.html"
        },
        {
          "name": "29069",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29069"
        },
        {
          "name": "FEDORA-2008-1323",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html"
        },
        {
          "name": "28867",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28867"
        },
        {
          "name": "1019309",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019309"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0054"
        },
        {
          "name": "MDVSA-2008:041",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:041"
        },
        {
          "name": "DSA-1491",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1491"
        },
        {
          "name": "28807",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28807"
        },
        {
          "name": "SUSE-SR:2008:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
        },
        {
          "name": "30717",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30717"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-0553",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30129",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30129"
            },
            {
              "name": "28784",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28784"
            },
            {
              "name": "RHSA-2008:0134",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0134.html"
            },
            {
              "name": "DSA-1598",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1598"
            },
            {
              "name": "20080212 rPSA-2008-0054-1 tk",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488069/100/0/threaded"
            },
            {
              "name": "ADV-2008-1744",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1744"
            },
            {
              "name": "29622",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29622"
            },
            {
              "name": "27655",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27655"
            },
            {
              "name": "SUSE-SR:2008:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
            },
            {
              "name": "USN-664-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-664-1"
            },
            {
              "name": "ADV-2008-1456",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1456/references"
            },
            {
              "name": "28857",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28857"
            },
            {
              "name": "30783",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30783"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2215",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2215"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10098",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098"
            },
            {
              "name": "DSA-1490",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1490"
            },
            {
              "name": "237465",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1"
            },
            {
              "name": "RHSA-2008:0136",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431518",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431518"
            },
            {
              "name": "ADV-2008-0430",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0430"
            },
            {
              "name": "28954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28954"
            },
            {
              "name": "30535",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30535"
            },
            {
              "name": "30188",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30188"
            },
            {
              "name": "FEDORA-2008-1131",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=573933\u0026group_id=10894",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=573933\u0026group_id=10894"
            },
            {
              "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
            },
            {
              "name": "FEDORA-2008-1384",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html"
            },
            {
              "name": "FEDORA-2008-1122",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html"
            },
            {
              "name": "32608",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32608"
            },
            {
              "name": "29070",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29070"
            },
            {
              "name": "FEDORA-2008-3545",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html"
            },
            {
              "name": "28848",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28848"
            },
            {
              "name": "RHSA-2008:0135",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0135.html"
            },
            {
              "name": "29069",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29069"
            },
            {
              "name": "FEDORA-2008-1323",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html"
            },
            {
              "name": "28867",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28867"
            },
            {
              "name": "1019309",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019309"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0054",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0054"
            },
            {
              "name": "MDVSA-2008:041",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:041"
            },
            {
              "name": "DSA-1491",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1491"
            },
            {
              "name": "28807",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28807"
            },
            {
              "name": "SUSE-SR:2008:013",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
            },
            {
              "name": "30717",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30717"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-0553",
    "datePublished": "2008-02-07T20:00:00",
    "dateReserved": "2008-02-01T00:00:00",
    "dateUpdated": "2024-08-07T07:46:55.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5137
Vulnerability from cvelistv5
Published
2007-09-28 21:00
Modified
2024-08-07 15:24
Severity ?
Summary
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
References
http://secunia.com/advisories/34297 - third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540 - vdb-entry, signature, x_refsource_OVAL
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html - vendor-advisory, x_refsource_FEDORA
http://bugs.gentoo.org/show_bug.cgi?id=192539 - x_refsource_MISC
http://secunia.com/advisories/26942 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27086 - third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0136.html - vendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2007:200 - vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2009/dsa-1743 - vendor-advisory, x_refsource_DEBIAN
http://security.gentoo.org/glsa/glsa-200710-07.xml - vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/27295 - third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/project/shownotes.php?release_id=541207 - x_refsource_CONFIRM
http://secunia.com/advisories/27229 - third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-529-1 - vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/27182 - third-party-advisory, x_refsource_SECUNIA
http://www.attrition.org/pipermail/vim/2007-October/001826.html - mailing-list, x_refsource_VIM
http://secunia.com/advisories/29069 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27207 - third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2007_20_sr.html - vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/25826 - vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:41.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34297",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34297"
          },
          {
            "name": "oval:org.mitre.oval:def:9540",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540"
          },
          {
            "name": "FEDORA-2007-2564",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=192539"
          },
          {
            "name": "26942",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26942"
          },
          {
            "name": "27086",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27086"
          },
          {
            "name": "RHSA-2008:0136",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
          },
          {
            "name": "MDKSA-2007:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:200"
          },
          {
            "name": "DSA-1743",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1743"
          },
          {
            "name": "GLSA-200710-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200710-07.xml"
          },
          {
            "name": "27295",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27295"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=541207"
          },
          {
            "name": "27229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27229"
          },
          {
            "name": "USN-529-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-529-1"
          },
          {
            "name": "27182",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27182"
          },
          {
            "name": "20071012 clarification on multiple Tk overflow issues",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-October/001826.html"
          },
          {
            "name": "29069",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29069"
          },
          {
            "name": "27207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27207"
          },
          {
            "name": "SUSE-SR:2007:020",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
          },
          {
            "name": "25826",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25826"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first.  NOTE: this issue is due to an incorrect patch for CVE-2007-5378."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "34297",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34297"
        },
        {
          "name": "oval:org.mitre.oval:def:9540",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540"
        },
        {
          "name": "FEDORA-2007-2564",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=192539"
        },
        {
          "name": "26942",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26942"
        },
        {
          "name": "27086",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27086"
        },
        {
          "name": "RHSA-2008:0136",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
        },
        {
          "name": "MDKSA-2007:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:200"
        },
        {
          "name": "DSA-1743",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1743"
        },
        {
          "name": "GLSA-200710-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200710-07.xml"
        },
        {
          "name": "27295",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27295"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=541207"
        },
        {
          "name": "27229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27229"
        },
        {
          "name": "USN-529-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-529-1"
        },
        {
          "name": "27182",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27182"
        },
        {
          "name": "20071012 clarification on multiple Tk overflow issues",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-October/001826.html"
        },
        {
          "name": "29069",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29069"
        },
        {
          "name": "27207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27207"
        },
        {
          "name": "SUSE-SR:2007:020",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
        },
        {
          "name": "25826",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25826"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5137",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first.  NOTE: this issue is due to an incorrect patch for CVE-2007-5378."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34297",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34297"
            },
            {
              "name": "oval:org.mitre.oval:def:9540",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540"
            },
            {
              "name": "FEDORA-2007-2564",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=192539",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=192539"
            },
            {
              "name": "26942",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26942"
            },
            {
              "name": "27086",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27086"
            },
            {
              "name": "RHSA-2008:0136",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
            },
            {
              "name": "MDKSA-2007:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:200"
            },
            {
              "name": "DSA-1743",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1743"
            },
            {
              "name": "GLSA-200710-07",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200710-07.xml"
            },
            {
              "name": "27295",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27295"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=541207",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=541207"
            },
            {
              "name": "27229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27229"
            },
            {
              "name": "USN-529-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-529-1"
            },
            {
              "name": "27182",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27182"
            },
            {
              "name": "20071012 clarification on multiple Tk overflow issues",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-October/001826.html"
            },
            {
              "name": "29069",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29069"
            },
            {
              "name": "27207",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27207"
            },
            {
              "name": "SUSE-SR:2007:020",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
            },
            {
              "name": "25826",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25826"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5137",
    "datePublished": "2007-09-28T21:00:00",
    "dateReserved": "2007-09-28T00:00:00",
    "dateUpdated": "2024-08-07T15:24:41.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4769
Vulnerability from cvelistv5
Published
2008-01-09 21:00
Modified
2024-08-07 15:08
Severity ?
Summary
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
References
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 - vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2008/dsa-1460 - vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/27163 - vdb-entry, x_refsource_BID
https://issues.rpath.com/browse/RPL-1768 - x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0038.html - vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/28454 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/485864/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/28359 - third-party-advisory, x_refsource_SECUNIA
http://www.postgresql.org/about/news.905 - x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html - vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2008/0061 - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/28679 - third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0109 - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/28376 - third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 - x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 - vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/28437 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28455 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28477 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/29638 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28479 - third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894 - x_refsource_CONFIRM
http://www.debian.org/security/2008/dsa-1463 - vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2008-0040.html - vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/486407/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/28464 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28698 - third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 - vendor-advisory, x_refsource_HP
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 - vendor-advisory, x_refsource_SUNALERT
https://usn.ubuntu.com/568-1/ - vendor-advisory, x_refsource_UBUNTU
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html - vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/28438 - third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/39499 - vdb-entry, x_refsource_XF
http://securitytracker.com/id?1019157 - vdb-entry, x_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html - vendor-advisory, x_refsource_FEDORA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 - vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-200801-15.xml - vendor-advisory, x_refsource_GENTOO
http://www.vupen.com/english/advisories/2008/1071/references - vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804 - vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2008:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
          },
          {
            "name": "DSA-1460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1460"
          },
          {
            "name": "27163",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1768"
          },
          {
            "name": "RHSA-2008:0038",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
          },
          {
            "name": "28454",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28454"
          },
          {
            "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
          },
          {
            "name": "28359",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/about/news.905"
          },
          {
            "name": "SUSE-SA:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
          },
          {
            "name": "ADV-2008-0061",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0061"
          },
          {
            "name": "28679",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28679"
          },
          {
            "name": "ADV-2008-0109",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0109"
          },
          {
            "name": "28376",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28376"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
          },
          {
            "name": "103197",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
          },
          {
            "name": "28437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28437"
          },
          {
            "name": "28455",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28455"
          },
          {
            "name": "28477",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28477"
          },
          {
            "name": "29638",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29638"
          },
          {
            "name": "28479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28479"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
          },
          {
            "name": "DSA-1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1463"
          },
          {
            "name": "RHSA-2008:0040",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
          },
          {
            "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
          },
          {
            "name": "28464",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28464"
          },
          {
            "name": "28698",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28698"
          },
          {
            "name": "SSRT080006",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
          },
          {
            "name": "200559",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
          },
          {
            "name": "USN-568-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/568-1/"
          },
          {
            "name": "FEDORA-2008-0552",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
          },
          {
            "name": "28438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28438"
          },
          {
            "name": "postgresql-backref-dos(39499)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39499"
          },
          {
            "name": "1019157",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019157"
          },
          {
            "name": "FEDORA-2008-0478",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
          },
          {
            "name": "HPSBTU02325",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
          },
          {
            "name": "GLSA-200801-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
          },
          {
            "name": "ADV-2008-1071",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1071/references"
          },
          {
            "name": "oval:org.mitre.oval:def:9804",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2008:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
        },
        {
          "name": "DSA-1460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1460"
        },
        {
          "name": "27163",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1768"
        },
        {
          "name": "RHSA-2008:0038",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
        },
        {
          "name": "28454",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28454"
        },
        {
          "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
        },
        {
          "name": "28359",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/about/news.905"
        },
        {
          "name": "SUSE-SA:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
        },
        {
          "name": "ADV-2008-0061",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0061"
        },
        {
          "name": "28679",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28679"
        },
        {
          "name": "ADV-2008-0109",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0109"
        },
        {
          "name": "28376",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28376"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
        },
        {
          "name": "103197",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
        },
        {
          "name": "28437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28437"
        },
        {
          "name": "28455",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28455"
        },
        {
          "name": "28477",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28477"
        },
        {
          "name": "29638",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29638"
        },
        {
          "name": "28479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28479"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
        },
        {
          "name": "DSA-1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1463"
        },
        {
          "name": "RHSA-2008:0040",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
        },
        {
          "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
        },
        {
          "name": "28464",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28464"
        },
        {
          "name": "28698",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28698"
        },
        {
          "name": "SSRT080006",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
        },
        {
          "name": "200559",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
        },
        {
          "name": "USN-568-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/568-1/"
        },
        {
          "name": "FEDORA-2008-0552",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
        },
        {
          "name": "28438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28438"
        },
        {
          "name": "postgresql-backref-dos(39499)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39499"
        },
        {
          "name": "1019157",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019157"
        },
        {
          "name": "FEDORA-2008-0478",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
        },
        {
          "name": "HPSBTU02325",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
        },
        {
          "name": "GLSA-200801-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
        },
        {
          "name": "ADV-2008-1071",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1071/references"
        },
        {
          "name": "oval:org.mitre.oval:def:9804",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4769",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2008:004",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
            },
            {
              "name": "DSA-1460",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1460"
            },
            {
              "name": "27163",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27163"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1768",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1768"
            },
            {
              "name": "RHSA-2008:0038",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
            },
            {
              "name": "28454",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28454"
            },
            {
              "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
            },
            {
              "name": "28359",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28359"
            },
            {
              "name": "http://www.postgresql.org/about/news.905",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/about/news.905"
            },
            {
              "name": "SUSE-SA:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
            },
            {
              "name": "ADV-2008-0061",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0061"
            },
            {
              "name": "28679",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28679"
            },
            {
              "name": "ADV-2008-0109",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0109"
            },
            {
              "name": "28376",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28376"
            },
            {
              "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
            },
            {
              "name": "103197",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
            },
            {
              "name": "28437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28437"
            },
            {
              "name": "28455",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28455"
            },
            {
              "name": "28477",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28477"
            },
            {
              "name": "29638",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29638"
            },
            {
              "name": "28479",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28479"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
            },
            {
              "name": "DSA-1463",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1463"
            },
            {
              "name": "RHSA-2008:0040",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
            },
            {
              "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
            },
            {
              "name": "28464",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28464"
            },
            {
              "name": "28698",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28698"
            },
            {
              "name": "SSRT080006",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
            },
            {
              "name": "200559",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
            },
            {
              "name": "USN-568-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/568-1/"
            },
            {
              "name": "FEDORA-2008-0552",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
            },
            {
              "name": "28438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28438"
            },
            {
              "name": "postgresql-backref-dos(39499)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39499"
            },
            {
              "name": "1019157",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019157"
            },
            {
              "name": "FEDORA-2008-0478",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
            },
            {
              "name": "HPSBTU02325",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
            },
            {
              "name": "GLSA-200801-15",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
            },
            {
              "name": "ADV-2008-1071",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1071/references"
            },
            {
              "name": "oval:org.mitre.oval:def:9804",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4769",
    "datePublished": "2008-01-09T21:00:00",
    "dateReserved": "2007-09-10T00:00:00",
    "dateUpdated": "2024-08-07T15:08:33.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6067
Vulnerability from cvelistv5
Published
2008-01-09 21:00
Modified
2024-08-07 15:54
Severity ?
Summary
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
References
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 - vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2008/dsa-1460 - vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2013-0122.html - vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/27163 - vdb-entry, x_refsource_BID
https://issues.rpath.com/browse/RPL-1768 - x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0038.html - vendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/39498 - vdb-entry, x_refsource_XF
http://secunia.com/advisories/28454 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/485864/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235 - vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/28359 - third-party-advisory, x_refsource_SECUNIA
http://www.postgresql.org/about/news.905 - x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html - vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2008/0061 - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/28679 - third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0109 - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/28376 - third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 - x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 - vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/28437 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28455 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28477 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/29638 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28479 - third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894 - x_refsource_CONFIRM
http://www.debian.org/security/2008/dsa-1463 - vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2008-0040.html - vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/486407/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/28464 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28698 - third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 - vendor-advisory, x_refsource_HP
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 - vendor-advisory, x_refsource_SUNALERT
https://usn.ubuntu.com/568-1/ - vendor-advisory, x_refsource_UBUNTU
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html - vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/28438 - third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1019157 - vdb-entry, x_refsource_SECTRACK
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html - vendor-advisory, x_refsource_FEDORA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 - vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-200801-15.xml - vendor-advisory, x_refsource_GENTOO
http://www.vupen.com/english/advisories/2008/1071/references - vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2008:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
          },
          {
            "name": "DSA-1460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1460"
          },
          {
            "name": "RHSA-2013:0122",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0122.html"
          },
          {
            "name": "27163",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1768"
          },
          {
            "name": "RHSA-2008:0038",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
          },
          {
            "name": "postgresql-complex-expression-dos(39498)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39498"
          },
          {
            "name": "28454",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28454"
          },
          {
            "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:10235",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235"
          },
          {
            "name": "28359",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/about/news.905"
          },
          {
            "name": "SUSE-SA:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
          },
          {
            "name": "ADV-2008-0061",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0061"
          },
          {
            "name": "28679",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28679"
          },
          {
            "name": "ADV-2008-0109",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0109"
          },
          {
            "name": "28376",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28376"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
          },
          {
            "name": "103197",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
          },
          {
            "name": "28437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28437"
          },
          {
            "name": "28455",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28455"
          },
          {
            "name": "28477",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28477"
          },
          {
            "name": "29638",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29638"
          },
          {
            "name": "28479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28479"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
          },
          {
            "name": "DSA-1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1463"
          },
          {
            "name": "RHSA-2008:0040",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
          },
          {
            "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
          },
          {
            "name": "28464",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28464"
          },
          {
            "name": "28698",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28698"
          },
          {
            "name": "SSRT080006",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
          },
          {
            "name": "200559",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
          },
          {
            "name": "USN-568-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/568-1/"
          },
          {
            "name": "FEDORA-2008-0552",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
          },
          {
            "name": "28438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28438"
          },
          {
            "name": "1019157",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "FEDORA-2008-0478",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
          },
          {
            "name": "HPSBTU02325",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
          },
          {
            "name": "GLSA-200801-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
          },
          {
            "name": "ADV-2008-1071",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1071/references"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2008:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
        },
        {
          "name": "DSA-1460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1460"
        },
        {
          "name": "RHSA-2013:0122",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0122.html"
        },
        {
          "name": "27163",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1768"
        },
        {
          "name": "RHSA-2008:0038",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
        },
        {
          "name": "postgresql-complex-expression-dos(39498)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39498"
        },
        {
          "name": "28454",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28454"
        },
        {
          "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:10235",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235"
        },
        {
          "name": "28359",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/about/news.905"
        },
        {
          "name": "SUSE-SA:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
        },
        {
          "name": "ADV-2008-0061",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0061"
        },
        {
          "name": "28679",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28679"
        },
        {
          "name": "ADV-2008-0109",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0109"
        },
        {
          "name": "28376",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28376"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
        },
        {
          "name": "103197",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
        },
        {
          "name": "28437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28437"
        },
        {
          "name": "28455",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28455"
        },
        {
          "name": "28477",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28477"
        },
        {
          "name": "29638",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29638"
        },
        {
          "name": "28479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28479"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
        },
        {
          "name": "DSA-1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1463"
        },
        {
          "name": "RHSA-2008:0040",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
        },
        {
          "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
        },
        {
          "name": "28464",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28464"
        },
        {
          "name": "28698",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28698"
        },
        {
          "name": "SSRT080006",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
        },
        {
          "name": "200559",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
        },
        {
          "name": "USN-568-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/568-1/"
        },
        {
          "name": "FEDORA-2008-0552",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
        },
        {
          "name": "28438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28438"
        },
        {
          "name": "1019157",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "name": "FEDORA-2008-0478",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
        },
        {
          "name": "HPSBTU02325",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
        },
        {
          "name": "GLSA-200801-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
        },
        {
          "name": "ADV-2008-1071",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1071/references"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6067",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2008:004",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
            },
            {
              "name": "DSA-1460",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1460"
            },
            {
              "name": "RHSA-2013:0122",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0122.html"
            },
            {
              "name": "27163",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27163"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1768",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1768"
            },
            {
              "name": "RHSA-2008:0038",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
            },
            {
              "name": "postgresql-complex-expression-dos(39498)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39498"
            },
            {
              "name": "28454",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28454"
            },
            {
              "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:10235",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235"
            },
            {
              "name": "28359",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28359"
            },
            {
              "name": "http://www.postgresql.org/about/news.905",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/about/news.905"
            },
            {
              "name": "SUSE-SA:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
            },
            {
              "name": "ADV-2008-0061",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0061"
            },
            {
              "name": "28679",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28679"
            },
            {
              "name": "ADV-2008-0109",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0109"
            },
            {
              "name": "28376",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28376"
            },
            {
              "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894"
            },
            {
              "name": "103197",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
            },
            {
              "name": "28437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28437"
            },
            {
              "name": "28455",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28455"
            },
            {
              "name": "28477",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28477"
            },
            {
              "name": "29638",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29638"
            },
            {
              "name": "28479",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28479"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894"
            },
            {
              "name": "DSA-1463",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1463"
            },
            {
              "name": "RHSA-2008:0040",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
            },
            {
              "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
            },
            {
              "name": "28464",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28464"
            },
            {
              "name": "28698",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28698"
            },
            {
              "name": "SSRT080006",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
            },
            {
              "name": "200559",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
            },
            {
              "name": "USN-568-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/568-1/"
            },
            {
              "name": "FEDORA-2008-0552",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
            },
            {
              "name": "28438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28438"
            },
            {
              "name": "1019157",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019157"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "FEDORA-2008-0478",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
            },
            {
              "name": "HPSBTU02325",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
            },
            {
              "name": "GLSA-200801-15",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
            },
            {
              "name": "ADV-2008-1071",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1071/references"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6067",
    "datePublished": "2008-01-09T21:00:00",
    "dateReserved": "2007-11-21T00:00:00",
    "dateUpdated": "2024-08-07T15:54:26.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}