CVE-2007-4772 | Vulnerability Database | Aqua Security

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

Affected Software

Name	Vendor	Start Version	End Version
Postgresql	Postgresql	7.4 (including)	7.4.19 (excluding)
Postgresql	Postgresql	8.0 (including)	8.0.15 (excluding)
Postgresql	Postgresql	8.1 (including)	8.1.11 (excluding)
Postgresql	Postgresql	8.2 (including)	8.2.6 (excluding)
Tcl/tk	Tcl	*	8.4.17 (excluding)

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
http://rhn.redhat.com/errata/RHSA-2013-0122.html
http://secunia.com/advisories/28359
http://secunia.com/advisories/28376
http://secunia.com/advisories/28437
http://secunia.com/advisories/28438
http://secunia.com/advisories/28454
http://secunia.com/advisories/28455
http://secunia.com/advisories/28464
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
http://secunia.com/advisories/28679
http://secunia.com/advisories/28698
http://secunia.com/advisories/29070
http://secunia.com/advisories/29248
http://secunia.com/advisories/29638
http://secunia.com/advisories/30535
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://securitytracker.com/id?1019157
http://sourceforge.net/project/shownotes.php?release_id=565440\u0026group_id=10894
http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1810264\u0026group_id=10894\u0026atid=110894
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
http://www.mandriva.com/security/advisories?name=MDVSA-2008:059
http://www.postgresql.org/about/news.905
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://www.redhat.com/support/errata/RHSA-2008-0134.html
http://www.securityfocus.com/archive/1/485864/100/0/threaded
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/27163
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/0061
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/1071/references
http://www.vupen.com/english/advisories/2008/1744
https://exchange.xforce.ibmcloud.com/vulnerabilities/39497
https://issues.rpath.com/browse/RPL-1768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569
https://usn.ubuntu.com/568-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-4772
CWE	https://cwe.mitre.org/data/definitions/399.html