CVE-2007-6067

NameCVE-2007-6067
DescriptionAlgorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1460-1, DSA-1463-1
NVD severitymedium

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresqlsourcesarge(unfixed)
postgresql-7.4sourceetch7.4.19-0etch1DSA-1463-1
postgresql-8.1source(unstable)8.1.11-1
postgresql-8.1sourceetch8.1.11-0etch1DSA-1460-1
postgresql-8.2source(unstable)8.2.6-1
tcl8.3source(unstable)8.3.5-13
tcl8.4source(unstable)8.4.17-1

Notes

[etch] - tcl8.3 <no-dsa> (Minor issue)
[etch] - tcl8.4 <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems