CVE-2007-4772

NameCVE-2007-4772
DescriptionThe regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1460-1, DSA-1463-1
NVD severitymedium (attack range: remote)
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tcl8.4 (PTS)squeeze8.4.19-4fixed
wheezy8.4.19-5fixed
sid8.4.20-7fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresqlsourcesarge(unfixed)medium
postgresql-7.4sourceetch7.4.19-0etch1mediumDSA-1463-1
postgresql-8.1source(unstable)8.1.11-1medium
postgresql-8.1sourceetch8.1.11-0etch1mediumDSA-1460-1
postgresql-8.2source(unstable)8.2.6-1medium
tcl8.3source(unstable)8.3.5-13low
tcl8.4source(unstable)8.4.17-1low

Notes

[etch] - tcl8.3 <no-dsa> (Minor issue)
[etch] - tcl8.4 <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems