CVE-2007-2026 — Vulnetix

Try Vulnetix Request Demo

CVE-2007-2026 PUBLISHED CVSS 7.800000190734863 HIGH

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.

EPSS 2.98% · 86.4th percentile

Risk Scores

CVSS v2.0

7.800000190734863

EPSS Score

2.98%

86.4th percentile

Affected Products

Vendor	Product	Versions
gentoo	file	4.20
n/a	n/a	n/a
amavis	virus_scanner

Timeline

Apr 13, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 19, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Sep 15, 2023 EPSS Score

References

https://bugs.gentoo.org/show_bug.cgi?id=174217 url
24918 third-party-advisory
GLSA-200704-13 vendor-advisory
http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user url
https://issues.rpath.com/browse/RPL-1311 url
http://www.amavis.org/security/asa-2007-3.txt url
25544 third-party-advisory
MDKSA-2007:114 vendor-advisory
25578 third-party-advisory
20070524 FLEA-2007-0022-1: file mailing-list
ADV-2007-2071 vdb
25394 third-party-advisory
24146 vdb
https://nvd.nist.gov/vuln/detail/CVE-2007-2026 advisory

Open in Interactive Console →