CVE-2007-6067
Description
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted complex regular expression with doubly-nested states.
Risk Information
Base Score: 10.0 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.357
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2007-4769,CVE-2007-6067,CVE-2007-6601 are affected in Postgresql 8.2.4 | Windows |
| (RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-8.4.13-6.el5.i386.rpm | Linux |
| (RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-8.4.13-6.el5.x86_64.rpm | Linux |
| (RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-devel-8.4.13-6.el5.i386.rpm | Linux |
| (RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-devel-8.4.13-6.el5.x86_64.rpm | Linux |
| (RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-html-8.4.13-6.el5.i386.rpm | Linux |
| (RHSA-2013:0122) Moderate: tcl security and bug fix update tcl-html-8.4.13-6.el5.x86_64.rpm | Linux |
| Vulnerability CVE-2007-4769,CVE-2007-6067,CVE-2007-6601 are affected in Postgresql 8.2.4 (For Linux) | Linux |
| Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| CVE-2007-6067 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234