CVE-2007-4769

- Name: CVE-2007-4769
- Description: The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
- Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
- References: DSA-1460-1, DSA-1463-1
- NVD severity: medium (attack range: remote)

The information below is based on the following data on fixed versions.

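| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| postgresql | source | sarge | (unfixed) | medium | | |
| postgresql-7.4 | source | etch | 7.4.19-0etch1 | medium | DSA-1463-1 | |
| postgresql-8.1 | source | (unstable) | 8.1.11-1 | medium | | |
| postgresql-8.1 | source | etch | 8.1.11-0etch1 | medium | DSA-1460-1 | |
| postgresql-8.2 | source | (unstable) | 8.2.6-1 | medium | | |
| tcl8.3 | source | (unstable) | (not affected) | | | |
| tcl8.4 | source | (unstable) | (not affected) | | | |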

Notes

- tcl8.3 <not-affected> (only builds with the UCS-4 internal char encoding are affected; Debian builds use UCS-2, according to the maintainer)
- tcl8.4 <not-affected> (only builds with the UCS-4 internal char encoding are affected; Debian builds use UCS-2, according to the maintainer)
