漏洞标题
N/A
漏洞描述信息
PCRE 8.38中的pcre_compile2函数在pcre_compile.c中处理了以下模式及其相关模式:
/(?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R)))))/
这些模式以及它们的相关模式可能会让远程攻击者通过精心构造的 regular expression 造成服务拒绝(基于堆缓冲区溢出),或者可能具有未指定的其他影响,这被K CONqueror中遇到的JavaScript RegExp对象所证明。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
PCRE 拒绝服务漏洞
漏洞描述信息
PCRE(Perl Compatible Regular Expressions)是软件开发者Philip Hazel所研发的一个使用C语言编写的开源正则表达式函数库。 PCRE 8.38版本的pcre_compile.c文件中的‘pcre_compile2’函数中存在安全漏洞,该漏洞源于程序没有正确处理‘/((?:F?+(?:^(?(R)a+"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'){97)?J)?J)(?'R'(?'R'){99|(:(?|(?'R')(k'R')
CVSS信息
N/A
漏洞类别
缓冲区错误