Home

CVE-2007-4772

Description

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

Risk Information

Base Score
10.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.282

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2007-4772,CVE-2007-6600 are affected in Postgresql 8.2.5Windows
(RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-8.4.13-6.el5.i386.rpmLinux
(RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-8.4.13-6.el5.x86_64.rpmLinux
(RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-devel-8.4.13-6.el5.i386.rpmLinux
(RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-devel-8.4.13-6.el5.x86_64.rpmLinux
(RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-html-8.4.13-6.el5.i386.rpmLinux
(RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-html-8.4.13-6.el5.x86_64.rpmLinux
SUSE-SU-2016:0539-1(SUSE Linux Enterprise Desktop 12 ) postgresql93-9.3.11-14.2.x86_64.rpmLinux
SUSE-SU-2016:0539-1(SUSE Linux Enterprise Server 12 ) postgresql93-contrib-9.3.11-14.2.x86_64.rpmLinux
SUSE-SU-2016:0539-1(SUSE Linux Enterprise Server 12 ) postgresql93-contrib-debuginfo-9.3.11-14.2.x86_64.rpmLinux
SUSE-SU-2016:0539-1(SUSE Linux Enterprise Desktop 12 ) postgresql93-debuginfo-9.3.11-14.2.x86_64.rpmLinux
SUSE-SU-2016:0539-1(SUSE Linux Enterprise Desktop 12 ) postgresql93-debugsource-9.3.11-14.2.x86_64.rpmLinux
SUSE-SU-2016:0539-1(SUSE Linux Enterprise Server 12 ) postgresql93-docs-9.3.11-14.2.noarch.rpmLinux
SUSE-SU-2016:0539-1(SUSE Linux Enterprise Server 12 ) postgresql93-server-9.3.11-14.2.x86_64.rpmLinux
SUSE-SU-2016:0539-1(SUSE Linux Enterprise Server 12 ) postgresql93-server-debuginfo-9.3.11-14.2.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) libecpg6-9.4.6-7.1.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) libecpg6-debuginfo-9.4.6-7.1.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) libpq5-9.4.6-7.1.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) libpq5-32bit-9.4.6-7.1.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) libpq5-debuginfo-9.4.6-7.1.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) libpq5-debuginfo-32bit-9.4.6-7.1.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) postgresql94-9.4.6-7.2.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Server 12 ) postgresql94-contrib-9.4.6-7.2.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Server 12 ) postgresql94-contrib-debuginfo-9.4.6-7.2.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) postgresql94-debuginfo-9.4.6-7.2.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) postgresql94-debugsource-9.4.6-7.2.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Server 12 ) postgresql94-docs-9.4.6-7.2.noarch.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Desktop 12 ) postgresql94-libs-debugsource-9.4.6-7.1.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Server 12 ) postgresql94-server-9.4.6-7.2.x86_64.rpmLinux
SUSE-SU-2016:0555-1(SUSE Linux Enterprise Server 12 ) postgresql94-server-debuginfo-9.4.6-7.2.x86_64.rpmLinux
SUSE-SU-2016:0677-1(SUSE Linux Enterprise Desktop 11-SP4 ) libecpg6-9.4.6-0.14.3.x86_64.rpmLinux
SUSE-SU-2016:0677-1(SUSE Linux Enterprise Desktop 11-SP4 ) libpq5-9.4.6-0.14.3.x86_64.rpmLinux
SUSE-SU-2016:0677-1(SUSE Linux Enterprise Desktop 11-SP4 ) libpq5-32bit-9.4.6-0.14.3.x86_64.rpmLinux
SUSE-SU-2016:0677-1(SUSE Linux Enterprise Desktop 11-SP4 ) postgresql94-9.4.6-0.14.3.x86_64.rpmLinux
SUSE-SU-2016:0677-1(SUSE Linux Enterprise Desktop 11-SP4 ) postgresql94-docs-9.4.6-0.14.3.x86_64.rpmLinux
Vulnerability CVE-2007-4772,CVE-2007-6600 are affected in Postgresql 8.2.5 (For Linux)Linux
CVE-2007-4772NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234