{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<p>PCRE versions ant\u00e9rieures \u00e0 la version  7.3.</p>","content":"## Description\n\nLa biblioth\u00e8que PCRE (Perl Compatible Regular Expressions) est un\nensemble de fonctions permettant d'utiliser des expressions r\u00e9guli\u00e8res\nconstruites s\u00e9mantiquement et syntaxiquement de la m\u00eame mani\u00e8re que les\nexpressions r\u00e9guli\u00e8res de Perl.\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans la biblioth\u00e8que\nPCRE. L'exploitation de ces vuln\u00e9rabilit\u00e9s permet \u00e0 un utilisateur\nmalintentionn\u00e9 d'effectuer diverses actions telles que le d\u00e9ni de\nservice, l'acc\u00e8s \u00e0 des donn\u00e9es sensibles, ou l'ex\u00e9cution de code\narbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2007-1661","url":"https://www.cve.org/CVERecord?id=CVE-2007-1661"},{"name":"CVE-2006-7230","url":"https://www.cve.org/CVERecord?id=CVE-2006-7230"},{"name":"CVE-2007-4768","url":"https://www.cve.org/CVERecord?id=CVE-2007-4768"},{"name":"CVE-2007-1660","url":"https://www.cve.org/CVERecord?id=CVE-2007-1660"},{"name":"CVE-2007-1659","url":"https://www.cve.org/CVERecord?id=CVE-2007-1659"},{"name":"CVE-2006-7227","url":"https://www.cve.org/CVERecord?id=CVE-2006-7227"},{"name":"CVE-2006-7228","url":"https://www.cve.org/CVERecord?id=CVE-2006-7228"},{"name":"CVE-2007-1662","url":"https://www.cve.org/CVERecord?id=CVE-2007-1662"},{"name":"CVE-2007-4767","url":"https://www.cve.org/CVERecord?id=CVE-2007-4767"},{"name":"CVE-2007-4766","url":"https://www.cve.org/CVERecord?id=CVE-2007-4766"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-547-1 du 27 novembre 2007 :","url":"http://www.ubuntulinux.org/usn/usn-547-1"},{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA 1399 du 06 novembre 2007 :","url":"http://www.debian.org/security/2007/dsa-1399"},{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200711-30 du 21 novembre    2007 :","url":"http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml"}],"reference":"CERTA-2007-AVI-513","revisions":[{"description":"version initiale.","revision_date":"2007-11-30T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire"},{"description":"D\u00e9ni de service"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":null,"title":"Multiples vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que PCRE","vendor_advisories":[{"published_at":null,"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 d'Ubuntu du 27 novembre 2007","url":null},{"published_at":null,"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Gentoo du 21 novembre 2007","url":null}]}