Search for vulnerabilities
Vulnerability details: VCID-xug4-hmv4-aaac
Vulnerability ID VCID-xug4-hmv4-aaac
Aliases CVE-2006-7228
Summary Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-189 Numeric Errors
CWE-190 Integer Overflow or Wraparound
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:1059
rhas Important https://access.redhat.com/errata/RHSA-2007:1063
rhas Moderate https://access.redhat.com/errata/RHSA-2007:1065
rhas Important https://access.redhat.com/errata/RHSA-2007:1068
rhas Moderate https://access.redhat.com/errata/RHSA-2007:1076
rhas Moderate https://access.redhat.com/errata/RHSA-2007:1077
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0546
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02221 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
epss 0.05518 https://api.first.org/data/v1/epss?cve=CVE-2006-7228
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2006-7228
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
http://lists.vmware.com/pipermail/security-announce/2008/000014.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7228.json
https://access.redhat.com/security/cve/CVE-2006-7228
https://api.first.org/data/v1/epss?cve=CVE-2006-7228
https://bugzilla.redhat.com/show_bug.cgi?id=383371
http://scary.beasts.org/security/CESA-2007-006.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
http://secunia.com/advisories/27582
http://secunia.com/advisories/27741
http://secunia.com/advisories/27773
http://secunia.com/advisories/27776
http://secunia.com/advisories/28027
http://secunia.com/advisories/28041
http://secunia.com/advisories/28050
http://secunia.com/advisories/28406
http://secunia.com/advisories/28414
http://secunia.com/advisories/28658
http://secunia.com/advisories/28714
http://secunia.com/advisories/28720
http://secunia.com/advisories/29032
http://secunia.com/advisories/29085
http://secunia.com/advisories/29785
http://secunia.com/advisories/30106
http://secunia.com/advisories/30155
http://secunia.com/advisories/30219
http://secunia.com/advisories/31124
http://security.gentoo.org/glsa/glsa-200711-30.xml
http://security.gentoo.org/glsa/glsa-200801-02.xml
http://security.gentoo.org/glsa/glsa-200801-18.xml
http://security.gentoo.org/glsa/glsa-200801-19.xml
http://security.gentoo.org/glsa/glsa-200802-10.xml
http://security.gentoo.org/glsa/glsa-200805-11.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10810
http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
http://www.debian.org/security/2008/dsa-1570
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
http://www.pcre.org/changelog.txt
http://www.redhat.com/support/errata/RHSA-2007-1059.html
http://www.redhat.com/support/errata/RHSA-2007-1063.html
http://www.redhat.com/support/errata/RHSA-2007-1065.html
http://www.redhat.com/support/errata/RHSA-2007-1068.html
http://www.redhat.com/support/errata/RHSA-2007-1076.html
http://www.redhat.com/support/errata/RHSA-2007-1077.html
http://www.redhat.com/support/errata/RHSA-2008-0546.html
http://www.securityfocus.com/archive/1/488457/100/0/threaded
http://www.securityfocus.com/archive/1/490917/100/0/threaded
http://www.securityfocus.com/bid/26462
http://www.vupen.com/english/advisories/2008/0637
http://www.vupen.com/english/advisories/2008/1234/references
cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
CVE-2006-7228 https://nvd.nist.gov/vuln/detail/CVE-2006-7228
GLSA-200711-30 https://security.gentoo.org/glsa/200711-30
GLSA-200802-10 https://security.gentoo.org/glsa/200802-10
RHSA-2007:1059 https://access.redhat.com/errata/RHSA-2007:1059
RHSA-2007:1063 https://access.redhat.com/errata/RHSA-2007:1063
RHSA-2007:1065 https://access.redhat.com/errata/RHSA-2007:1065
RHSA-2007:1068 https://access.redhat.com/errata/RHSA-2007:1068
RHSA-2007:1076 https://access.redhat.com/errata/RHSA-2007:1076
RHSA-2007:1077 https://access.redhat.com/errata/RHSA-2007:1077
RHSA-2008:0546 https://access.redhat.com/errata/RHSA-2008:0546
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-7228
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.89780
EPSS Score 0.02221
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.