Description
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.
In the pcre2 library, a vulnerability in the code causes a heap-buffer-overflow. It arises from using the special Scan SubString verb together with (*ACCEPT), which causes an out-of-bounds read. An attacker could exploit it by crafting a pattern that uses this combination to trigger the heap-buffer-overflow.
Report
The bug is in src/pcre2_match.c. When (*scs:...) temporarily restricts the match boundaries to a captured substring, the engine restores the current subject pointer (Feptr) correctly on an immediate (*ACCEPT), but it fails to restore mb->end_subject and mb->true_end_subject. If execution later calls match_ref (for example for a backreference like \2), the bounds check can underflow because mb->end_subject - eptr becomes negative and is cast to an unsigned size. That makes the length check pass incorrectly and memcmp reads past the end of the allocated buffer, causing a heap-buffer-overflow read.
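The stale-bound underflow described in the report, as an added C example that is not PCRE2 source code: `match_state`, the helper functions and the constructed 15-character subject are assumptions that model only the described bounds logic, and no out-of-bounds read is performed.

```c
#include <stddef.h>

/* Simplified stand-in for the matcher's bounds; not PCRE2's real match block. */
typedef struct {
    const char *start_subject;
    const char *end_subject;   /* upper bound that later reads are checked against */
} match_state;

/* Check as the report describes it: the pointer difference is cast straight
   to an unsigned size. Returns 1 when a read of `length` units is allowed. */
static int check_unsigned_only(const match_state *ms, const char *eptr, size_t length)
{
    return (size_t)(ms->end_subject - eptr) >= length;
}

/* Hardened form: refuse any position outside [start, end] before casting. */
static int check_hardened(const match_state *ms, const char *eptr, size_t length)
{
    if (eptr < ms->start_subject || eptr > ms->end_subject) return 0;
    return (size_t)(ms->end_subject - eptr) >= length;
}

/* Narrow the bound to a substring, then leave through an early exit.
   restore_bounds selects whether the exit path puts the saved bound back. */
static void scoped_scan_early_exit(match_state *ms, const char *sub_end, int restore_bounds)
{
    const char *saved_end = ms->end_subject;
    ms->end_subject = sub_end;                    /* temporary restriction */
    if (restore_bounds) ms->end_subject = saved_end;
}

/* Returns 1 if a later 8-unit comparison at the restored position is allowed.
   Only 5 units really remain there, so the correct answer is always 0. */
static int later_read_allowed(int restore_bounds, int hardened)
{
    static const char subject[16] = "abcdefghijklmno";   /* constructed sample */
    match_state ms = { subject, subject + 15 };
    const char *eptr = subject + 10;   /* position restored after the exit */
    size_t length = 8;

    scoped_scan_early_exit(&ms, subject + 4, restore_bounds);
    return hardened ? check_hardened(&ms, eptr, length)
                    : check_unsigned_only(&ms, eptr, length);
}
```

`later_read_allowed(0, 0)` is the only combination that returns 1: the bound is left at offset 4 while the position is back at offset 10, so the difference of -6 wraps to a very large unsigned value and the length check passes.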
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | mingw-pcre2 | Not affected | | |
| Red Hat Enterprise Linux 10 | pcre2 | Not affected | | |
| Red Hat Enterprise Linux 7 | pcre2 | Not affected | | |
| Red Hat Enterprise Linux 8 | pcre2 | Not affected | | |
| Red Hat Enterprise Linux 9 | mingw-pcre2 | Not affected | | |
| Red Hat Enterprise Linux 9 | pcre2 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Not affected | | |
Additional information
CVSS3: 6.5 Medium
Related vulnerabilities
A vulnerability in the PCRE2 regular expression library caused by an out-of-bounds memory read, which allows an attacker to gain access to confidential information.