CVE Vulnerabilities

CVE-2007-4772

Published: Jan 09, 2008 | Modified: Oct 09, 2019
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4 MEDIUM (AV:N/AC:L/Au:S/C:N/I:N/A:P)
RedHat/V2: 1.5 MODERATE (AV:L/AC:M/Au:S/C:N/I:N/A:P)
RedHat/V3
Ubuntu: LOW

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

Affected Software

Name | Vendor | Start Version | End Version
Postgresql | Postgresql | 7.4 (including) | 7.4.19 (excluding)
Postgresql | Postgresql | 8.0 (including) | 8.0.15 (excluding)
Postgresql | Postgresql | 8.1 (including) | 8.1.11 (excluding)
Postgresql | Postgresql | 8.2 (including) | 8.2.6 (excluding)
Tcl/tk | Tcl | * | 8.4.17 (excluding)
Postgresql-8.1 | Ubuntu | dapper | *
Postgresql-8.1 | Ubuntu | edgy | *
Postgresql-8.1 | Ubuntu | feisty | *
Postgresql-8.1 | Ubuntu | gutsy | *
Postgresql-8.2 | Ubuntu | feisty | *
Postgresql-8.2 | Ubuntu | gutsy | *
Postgresql-8.2 | Ubuntu | hardy | *
Tcl8.3 | Ubuntu | dapper | *
Tcl8.3 | Ubuntu | edgy | *
Tcl8.3 | Ubuntu | feisty | *
Tcl8.3 | Ubuntu | gutsy | *
Tcl8.3 | Ubuntu | hardy | *
Tcl8.4 | Ubuntu | dapper | *
Tcl8.4 | Ubuntu | edgy | *
Tcl8.4 | Ubuntu | feisty | *
Tcl8.4 | Ubuntu | gutsy | *
Tcl8.4 | Ubuntu | hardy | *
Red Hat Enterprise Linux 2.1 | RedHat | tcltk-0:8.3.3-75 | *
Red Hat Enterprise Linux 3 | RedHat | tcltk-0:8.3.5-92.8 | *
Red Hat Enterprise Linux 4 | RedHat | postgresql-0:7.4.19-1.el4_6.1 | *
Red Hat Enterprise Linux 5 | RedHat | postgresql-0:8.1.11-1.el5_1.1 | *
Red Hat Enterprise Linux 5 | RedHat | tcl-0:8.4.13-6.el5 | *
Red Hat Web Application Stack for RHEL 4 | RedHat | postgresql-0:8.1.11-1.el4s1.1 | *

References