Search for vulnerabilities
Vulnerability details: VCID-ngmw-tzhe-aaar
Vulnerability ID VCID-ngmw-tzhe-aaar
Aliases CVE-2006-7227
Summary Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-189 Numeric Errors
CWE-190 Integer Overflow or Wraparound
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:1052
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02173 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
epss 0.03292 https://api.first.org/data/v1/epss?cve=CVE-2006-7227
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=383341
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2006-7227
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7227.json
https://access.redhat.com/security/cve/CVE-2006-7227
https://api.first.org/data/v1/epss?cve=CVE-2006-7227
http://scary.beasts.org/security/CESA-2007-006.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227
http://secunia.com/advisories/27582
http://secunia.com/advisories/27741
http://secunia.com/advisories/27773
http://secunia.com/advisories/27869
http://secunia.com/advisories/28406
http://secunia.com/advisories/28414
http://secunia.com/advisories/28658
http://secunia.com/advisories/28714
http://secunia.com/advisories/28720
http://secunia.com/advisories/30106
http://secunia.com/advisories/30155
http://secunia.com/advisories/30219
http://security.gentoo.org/glsa/glsa-200711-30.xml
http://security.gentoo.org/glsa/glsa-200801-02.xml
http://security.gentoo.org/glsa/glsa-200801-18.xml
http://security.gentoo.org/glsa/glsa-200801-19.xml
http://security.gentoo.org/glsa/glsa-200805-11.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408
http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm
http://www.debian.org/security/2008/dsa-1570
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
http://www.pcre.org/changelog.txt
http://www.redhat.com/support/errata/RHSA-2007-1052.html
http://www.securityfocus.com/bid/26462
383341 https://bugzilla.redhat.com/show_bug.cgi?id=383341
cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
CVE-2006-7227 https://nvd.nist.gov/vuln/detail/CVE-2006-7227
GLSA-200711-30 https://security.gentoo.org/glsa/200711-30
RHSA-2007:1052 https://access.redhat.com/errata/RHSA-2007:1052
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-7227
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.82829
EPSS Score 0.02173
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.