Vulnerability Description
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | 7.3 |
| Tcl Tk | Tcl Tk | <= 8.4.16 |
Related Weaknesses (CWE)
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://rhn.redhat.com/errata/RHSA-2013-0122.html
- http://secunia.com/advisories/28359Vendor Advisory
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28455
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28679
- http://secunia.com/advisories/28698
FAQ
What is CVE-2007-6067?
CVE-2007-6067 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows ...
How severe is CVE-2007-6067?
CVE-2007-6067 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6067?
Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Tcl Tk Tcl Tk.