Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS
Vulnerability Description
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
PCRE2 安全漏洞
Vulnerability Description
PCRE2是PCRE2Project开源的一组 C 函数。使用与 Perl5 相同的语法和语义来实现正则表达式模式匹配。 PCRE2 10.45版本存在安全漏洞,该漏洞源于处理(*scs:...)和(*ACCEPT)时存在堆缓冲区溢出读取,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A