CVE-2007-1661

Published: 07 November 2007

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

Priority

Low

Status

Package Release Status
pcre3
Launchpad, Ubuntu, Debian
Upstream
Released (7.3)