First published: Wed Jan 09 2008
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
PostgreSQL JDBC Driver | =7.4.16 | |
PostgreSQL JDBC Driver | =8.0.7 | |
PostgreSQL JDBC Driver | =8.0.2 | |
PostgreSQL JDBC Driver | =8.1.7 | |
PostgreSQL JDBC Driver | =7.3.3 | |
Tcl Tk | <=8.4.16 | |
PostgreSQL JDBC Driver | =8.2.4 | |
PostgreSQL JDBC Driver | =7.3 | |
PostgreSQL JDBC Driver | =8.0.9 | |
PostgreSQL JDBC Driver | =7.4.1 | |
PostgreSQL JDBC Driver | =7.3.9 | |
PostgreSQL JDBC Driver | =7.3.10 | |
PostgreSQL JDBC Driver | =8.2.2 | |
PostgreSQL JDBC Driver | =8.1.3 | |
PostgreSQL JDBC Driver | =7.4.14 | |
PostgreSQL JDBC Driver | =7.4.6 | |
PostgreSQL JDBC Driver | =7.4.11 | |
PostgreSQL JDBC Driver | =7.3.16 | |
PostgreSQL JDBC Driver | =8.0.3 | |
PostgreSQL JDBC Driver | =7.3.15 | |
PostgreSQL JDBC Driver | =7.4.7 | |
PostgreSQL JDBC Driver | =7.3.11 | |
PostgreSQL JDBC Driver | =8.1.9 | |
PostgreSQL JDBC Driver | =7.4.17 | |
PostgreSQL JDBC Driver | =7.4.3 | |
PostgreSQL JDBC Driver | =7.3.6 | |
PostgreSQL JDBC Driver | =7.4.9 | |
PostgreSQL JDBC Driver | =7.4.5 | |
PostgreSQL JDBC Driver | =7.3.8 | |
PostgreSQL JDBC Driver | =8.0.8 | |
PostgreSQL JDBC Driver | =7.4.8 | |
PostgreSQL JDBC Driver | =7.4 | |
PostgreSQL JDBC Driver | =7.4.4 | |
PostgreSQL JDBC Driver | =8.0.13 | |
PostgreSQL JDBC Driver | =7.3.13 | |
PostgreSQL JDBC Driver | =8.1.4 | |
PostgreSQL JDBC Driver | =8.0.1 | |
PostgreSQL JDBC Driver | =8.1.8 | |
PostgreSQL JDBC Driver | =7.3.2 | |
PostgreSQL JDBC Driver | =7.4.12 | |
PostgreSQL JDBC Driver | =7.3.12 | |
PostgreSQL JDBC Driver | =8.1.1 | |
PostgreSQL JDBC Driver | =8.1.5 | |
PostgreSQL JDBC Driver | =7.3.14 | |
PostgreSQL JDBC Driver | =7.3.1 | |
PostgreSQL JDBC Driver | =7.4.10 | |
PostgreSQL JDBC Driver | =8.2.3 | |
PostgreSQL JDBC Driver | =7.3.19 | |
PostgreSQL JDBC Driver | =8.0.4 | |
PostgreSQL JDBC Driver | =8.0.5 | |
PostgreSQL JDBC Driver | =8.2 | |
PostgreSQL JDBC Driver | =7.4.2 | |
PostgreSQL JDBC Driver | =8.0.11 | |
PostgreSQL JDBC Driver | =8.0.317 | |
PostgreSQL JDBC Driver | =8.0 | |
PostgreSQL JDBC Driver | =7.4.13 | |
PostgreSQL JDBC Driver | =7.3.4 | |
CVE-2007-6067 has a Medium severity level due to its potential to cause denial of service through memory consumption.
To fix CVE-2007-6067, upgrade to PostgreSQL version 8.2.6 or later, or Tcl version 8.4.17 or later.
CVE-2007-6067 affects various versions of PostgreSQL prior to 8.2.6 and Tcl versions up to 8.4.16.
CVE-2007-6067 is an algorithmic complexity vulnerability in the regular expression parser.
Yes, CVE-2007-6067 can be exploited by remote authenticated users to trigger a denial of service.