Launchpad.net

CVE 2007-6067

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

Related bugs and status

CVE-2007-6067 (Candidate) is related to these bugs:

Bug #181720: [postgresql] multiple vulnerabilities

		In	Importance	Status
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu)	High	Fix Released
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu Dapper)	Undecided	Fix Released
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu Edgy)	Undecided	Fix Released
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu Feisty)	Undecided	Fix Released
181720	[postgresql] multiple vulnerabilities	postgresql (Ubuntu Gutsy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.postgresql....
MANDRIVA: MDVSA-2008:004
BID: 27163
SECTRACK: 1019157
SECUNIA: 28359
DEBIAN: DSA-1460
FEDORA: FEDORA-2008-0478
FEDORA: FEDORA-2008-0552
REDHAT: RHSA-2008:0038
SUNALERT: 103197
SECUNIA: 28376
SECUNIA: 28438
SECUNIA: 28437
SECUNIA: 28454
SECUNIA: 28464
CONFIRM: https://issues.rpath.c...
DEBIAN: DSA-1463
SECUNIA: 28477
SECUNIA: 28479
SECUNIA: 28455
GENTOO: GLSA-200801-15
SECUNIA: 28679
SUSE: SUSE-SA:2008:005
SECUNIA: 28698
REDHAT: RHSA-2008:0040
SUNALERT: 200559
HP: HPSBTU02325
HP: SSRT080006
SECUNIA: 29638
VUPEN: ADV-2008-0061
VUPEN: ADV-2008-0109
VUPEN: ADV-2008-1071
REDHAT: RHSA-2013:0122
CONFIRM: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
CONFIRM: http://kb.juniper.net/...
XF: postgresql-complex-exp...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-568-1
BUGTRAQ: 20080107 PostgreSQL 20...
BUGTRAQ: 20080115 rPSA-2008-001...