Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pcre | Pcre | * | 6.6 (including) |
| Red Hat Enterprise Linux 2.1 | RedHat | pcre-0:3.4-2.4 | * |
| Red Hat Enterprise Linux 2.1 | RedHat | python-0:1.5.2-43.72.2 | * |
| Red Hat Enterprise Linux 2.1 | RedHat | php-0:4.1.2-2.20 | * |
| Red Hat Enterprise Linux 3 | RedHat | pcre-0:3.9-10.4 | * |
| Red Hat Enterprise Linux 3 | RedHat | python-0:2.2.3-6.8 | * |
| Red Hat Enterprise Linux 4 | RedHat | pcre-0:4.5-4.el4_6.6 | * |
| Red Hat Enterprise Linux 4 | RedHat | python-0:2.3.4-14.4.el4_6.1 | * |
| Red Hat Enterprise Linux 5 | RedHat | pcre-0:6.6-2.el5_1.7 | * |
| Pcre3 | Ubuntu | dapper | * |
| Pcre3 | Ubuntu | edgy | * |
| Pcre3 | Ubuntu | feisty | * |
| Pcre3 | Ubuntu | upstream | * |