Search for vulnerabilities
Vulnerability details: VCID-pzru-8c2a-aaar
Vulnerability ID VCID-pzru-8c2a-aaar
Aliases CVE-2008-0674
Summary Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
epss 0.1865 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.23415 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.63929 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.63929 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.63929 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.63929 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65116 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
epss 0.65510 https://api.first.org/data/v1/epss?cve=CVE-2008-0674
generic_textual MODERATE http://secunia.com/advisories/32222
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2008-0674
generic_textual MODERATE http://support.apple.com/kb/HT3216
generic_textual Low http://www.php.net/ChangeLog-5.php
generic_textual MODERATE http://www.securityfocus.com/bid/31681
generic_textual MODERATE http://www.vupen.com/english/advisories/2008/2780
Reference id Reference type URL
http://ftp.gnome.org/pub/gnome/sources/glib/2.14/glib-2.14.6.news
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
http://pcre.org/changelog.txt
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0674.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0674
https://bugzilla.redhat.com/show_bug.cgi?id=431660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674
http://secunia.com/advisories/28923
http://secunia.com/advisories/28957
http://secunia.com/advisories/28960
http://secunia.com/advisories/28985
http://secunia.com/advisories/28996
http://secunia.com/advisories/29027
http://secunia.com/advisories/29048
http://secunia.com/advisories/29175
http://secunia.com/advisories/29267
http://secunia.com/advisories/29282
http://secunia.com/advisories/30048
http://secunia.com/advisories/30345
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://secunia.com/advisories/32746
http://secunia.com/advisories/36096
http://security.gentoo.org/glsa/glsa-200803-24.xml
http://security.gentoo.org/glsa/glsa-200811-05.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/40505
https://issues.rpath.com/browse/RPL-2223
https://issues.rpath.com/browse/RPL-2503
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3757
https://usn.ubuntu.com/581-1/
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
http://wiki.rpath.com/Advisories:rPSA-2008-0086
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
http://www.debian.org/security/2008/dsa-1499
http://www.mandriva.com/security/advisories?name=MDVSA-2008:053
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/archive/1/488927/100/0/threaded
http://www.securityfocus.com/archive/1/492535/100/0/threaded
http://www.securityfocus.com/bid/27786
http://www.securityfocus.com/bid/29009
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1022674
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
http://www.vupen.com/english/advisories/2008/0570
http://www.vupen.com/english/advisories/2008/0592
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/2172
cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
CVE-2008-0674 https://nvd.nist.gov/vuln/detail/CVE-2008-0674
GLSA-200803-24 https://security.gentoo.org/glsa/200803-24
GLSA-200811-05 https://security.gentoo.org/glsa/200811-05
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0674
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92214
EPSS Score 0.1865
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.