Vulnerabilities

CVE-2007-1661

by Fred · 07/11/2007

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "X?d" and "P{L}?d" patterns.

Date published : 2007-11-07

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Similar

Tags: Cybersecurity Alert