14 lines
1.6 KiB
JSON
14 lines
1.6 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1686",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1686",
|
|
"title": "An update for pcre2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Critical",
|
|
"description": "PCRE2 is a re-working of the original PCRE1 library to provide an entirely new API. Since its initial release in 2015, there has been further development of the code and it now differs from PCRE1 in more than just the API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which processes strings of 16-bit values, and one for the 32-bit library, which processes strings of 32-bit values. Unlike PCRE1, there are no C++ wrappers.\n\nSecurity Fix(es):\n\nAn out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.(CVE-2022-1586)\n\nAn out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.(CVE-2022-1587)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-1587",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1587",
|
|
"severity": "Critical"
|
|
}
|
|
]
|
|
} |