CVE-2007-6067
First published: Wed Jan 09 2008(Updated: )
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL PostgreSQL | =7.3 | |
| PostgreSQL PostgreSQL | =7.3.1 | |
| PostgreSQL PostgreSQL | =7.3.2 | |
| PostgreSQL PostgreSQL | =7.3.3 | |
| PostgreSQL PostgreSQL | =7.3.4 | |
| PostgreSQL PostgreSQL | =7.3.6 | |
| PostgreSQL PostgreSQL | =7.3.8 | |
| PostgreSQL PostgreSQL | =7.3.9 | |
| PostgreSQL PostgreSQL | =7.3.10 | |
| PostgreSQL PostgreSQL | =7.3.11 | |
| PostgreSQL PostgreSQL | =7.3.12 | |
| PostgreSQL PostgreSQL | =7.3.13 | |
| PostgreSQL PostgreSQL | =7.3.14 | |
| PostgreSQL PostgreSQL | =7.3.15 | |
| PostgreSQL PostgreSQL | =7.3.16 | |
| PostgreSQL PostgreSQL | =7.3.19 | |
| PostgreSQL PostgreSQL | =7.4 | |
| PostgreSQL PostgreSQL | =7.4.1 | |
| PostgreSQL PostgreSQL | =7.4.2 | |
| PostgreSQL PostgreSQL | =7.4.3 | |
| PostgreSQL PostgreSQL | =7.4.4 | |
| PostgreSQL PostgreSQL | =7.4.5 | |
| PostgreSQL PostgreSQL | =7.4.6 | |
| PostgreSQL PostgreSQL | =7.4.7 | |
| PostgreSQL PostgreSQL | =7.4.8 | |
| PostgreSQL PostgreSQL | =7.4.9 | |
| PostgreSQL PostgreSQL | =7.4.10 | |
| PostgreSQL PostgreSQL | =7.4.11 | |
| PostgreSQL PostgreSQL | =7.4.12 | |
| PostgreSQL PostgreSQL | =7.4.13 | |
| PostgreSQL PostgreSQL | =7.4.14 | |
| PostgreSQL PostgreSQL | =7.4.16 | |
| PostgreSQL PostgreSQL | =7.4.17 | |
| PostgreSQL PostgreSQL | =8.0 | |
| PostgreSQL PostgreSQL | =8.0.1 | |
| PostgreSQL PostgreSQL | =8.0.2 | |
| PostgreSQL PostgreSQL | =8.0.3 | |
| PostgreSQL PostgreSQL | =8.0.4 | |
| PostgreSQL PostgreSQL | =8.0.5 | |
| PostgreSQL PostgreSQL | =8.0.7 | |
| PostgreSQL PostgreSQL | =8.0.8 | |
| PostgreSQL PostgreSQL | =8.0.9 | |
| PostgreSQL PostgreSQL | =8.0.11 | |
| PostgreSQL PostgreSQL | =8.0.13 | |
| PostgreSQL PostgreSQL | =8.0.317 | |
| PostgreSQL PostgreSQL | =8.1.1 | |
| PostgreSQL PostgreSQL | =8.1.3 | |
| PostgreSQL PostgreSQL | =8.1.4 | |
| PostgreSQL PostgreSQL | =8.1.5 | |
| PostgreSQL PostgreSQL | =8.1.7 | |
| PostgreSQL PostgreSQL | =8.1.8 | |
| PostgreSQL PostgreSQL | =8.1.9 | |
| PostgreSQL PostgreSQL | =8.2 | |
| PostgreSQL PostgreSQL | =8.2.2 | |
| PostgreSQL PostgreSQL | =8.2.3 | |
| PostgreSQL PostgreSQL | =8.2.4 | |
| Tcl Tk Tcl Tk | <=8.4.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://rhn.redhat.com/errata/RHSA-2013-0122.html
- http://secunia.com/advisories/28359
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28455
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28679
- http://secunia.com/advisories/28698
- http://secunia.com/advisories/29638
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://securitytracker.com/id?1019157
- http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
- http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- http://www.debian.org/security/2008/dsa-1460
- http://www.debian.org/security/2008/dsa-1463
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
- http://www.postgresql.org/about/news.905
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://www.securityfocus.com/archive/1/485864/100/0/threaded
- http://www.securityfocus.com/archive/1/486407/100/0/threaded
- http://www.securityfocus.com/bid/27163
- http://www.vupen.com/english/advisories/2008/0061
- http://www.vupen.com/english/advisories/2008/0109
- http://www.vupen.com/english/advisories/2008/1071/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39498
- https://issues.rpath.com/browse/RPL-1768
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235
- https://usn.ubuntu.com/568-1/
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/7.3
- version/postgresql postgresql/7.3.1
- version/postgresql postgresql/7.3.2
- version/postgresql postgresql/7.3.3
- version/postgresql postgresql/7.3.4
- version/postgresql postgresql/7.3.6
- version/postgresql postgresql/7.3.8
- version/postgresql postgresql/7.3.9
- version/postgresql postgresql/7.3.10
- version/postgresql postgresql/7.3.11
- version/postgresql postgresql/7.3.12
- version/postgresql postgresql/7.3.13
- version/postgresql postgresql/7.3.14
- version/postgresql postgresql/7.3.15
- version/postgresql postgresql/7.3.16
- version/postgresql postgresql/7.3.19
- version/postgresql postgresql/7.4
- version/postgresql postgresql/7.4.1
- version/postgresql postgresql/7.4.2
- version/postgresql postgresql/7.4.3
- version/postgresql postgresql/7.4.4
- version/postgresql postgresql/7.4.5
- version/postgresql postgresql/7.4.6
- version/postgresql postgresql/7.4.7
- version/postgresql postgresql/7.4.8
- version/postgresql postgresql/7.4.9
- version/postgresql postgresql/7.4.10
- version/postgresql postgresql/7.4.11
- version/postgresql postgresql/7.4.12
- version/postgresql postgresql/7.4.13
- version/postgresql postgresql/7.4.14
- version/postgresql postgresql/7.4.16
- version/postgresql postgresql/7.4.17
- version/postgresql postgresql/8.0
- version/postgresql postgresql/8.0.1
- version/postgresql postgresql/8.0.2
- version/postgresql postgresql/8.0.3
- version/postgresql postgresql/8.0.4
- version/postgresql postgresql/8.0.5
- version/postgresql postgresql/8.0.7
- version/postgresql postgresql/8.0.8
- version/postgresql postgresql/8.0.9
- version/postgresql postgresql/8.0.11
- version/postgresql postgresql/8.0.13
- version/postgresql postgresql/8.0.317
- version/postgresql postgresql/8.1.1
- version/postgresql postgresql/8.1.3
- version/postgresql postgresql/8.1.4
- version/postgresql postgresql/8.1.5
- version/postgresql postgresql/8.1.7
- version/postgresql postgresql/8.1.8
- version/postgresql postgresql/8.1.9
- version/postgresql postgresql/8.2
- version/postgresql postgresql/8.2.2
- version/postgresql postgresql/8.2.3
- version/postgresql postgresql/8.2.4
- vendor/tcl tk
- canonical/tcl tk tcl tk
- version/tcl tk tcl tk/8.4.16