Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PCRE‘match’函数缓冲区溢出漏洞
Vulnerability Description
PCRE(Perl Compatible Regular Expressions)是软件开发者Philip Hazel所研发的一个使用C语言编写的开源正则表达式函数库。 PCRE 8.37之前版本的pcre_exec.c文件中的‘match’函数存在安全漏洞,该漏洞源于程序没有正确处理带有‘(*ACCEPT)’字符串的正则表达式。远程攻击者可借助特制的正则表达式利用该漏洞获取进程内存中的敏感信息,或造成拒绝服务(部分内存未初始化和应用程序崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A