一、 漏洞 CVE-2025-62495 基础信息
漏洞信息
                                        # QuickJS 字符串加法类型混淆漏洞

N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Type confusion in string addition in QuickJS
来源:美国国家漏洞数据库 NVD
漏洞描述信息
An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. * The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\text{size}\_\text{t}$ (an unsigned type, typically 64-bit) for its size member. * However, several functions, such as re_emit_op_u32 and other internal parsing routines, incorrectly cast or store this DynBuf $\text{size}\_\text{t}$ value into a signed int (typically 32-bit). * When a large or complex regular expression (such as those generated by a recursive pattern in a Proof-of-Concept) causes the bytecode size to exceed $2^{31}$ bytes (the maximum positive value for a signed 32-bit integer), the size value wraps around, resulting in a negative integer when stored in the int variable (Integer Overflow). * This negative value is subsequently used in offset calculations. For example, within functions like re_parse_disjunction, the negative size is used to compute an offset (pos) for patching a jump instruction. * This negative offset is then incorrectly added to the buffer pointer (s->byte\_code.buf + pos), leading to an out-of-bounds write on the first line of the snippet below: put_u32(s->byte_code.buf + pos, len);
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
整数下溢(超界折返)
来源:美国国家漏洞数据库 NVD
漏洞标题
QuickJS 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
QuickJS是QuickJS开源的一个小型且可嵌入的 Javascript 引擎。 QuickJS存在安全漏洞,该漏洞源于正则表达式引擎中整数溢出导致的缓冲区大小表示不一致,可能导致越界写入。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-62495 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2025-62495 的情报信息
四、漏洞 CVE-2025-62495 的评论

暂无评论

发表评论