CNNVD-202508-3176 Information
CNNVD ID
CNNVD-202508-3176
Related CVE
- CNNVD Published: 2025-08-27
Description (Chinese)
PCRE2是PCRE2Project开源的一组 C 函数。使用与 Perl5 相同的语法和语义来实现正则表达式模式匹配。 PCRE2 10.45版本存在安全漏洞,该漏洞源于处理(*scs:…)和(*ACCEPT)时存在堆缓冲区溢出读取,可能导致信息泄露。
Description (English)
PCRE2 is a set of C functions for the open source of PCRE2Project. Use the same syntax and syntax as Perl5 to match regular expressions. Version 10.45 of PCRE2 has a security loophole, which stems from the proliferation of buffer zones during processing (*scs:…) and (*ACCEPT), which could lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
PDFMyURL
Published
2025-08-27
Last Modified
2026-02-24
References
https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2 https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46 https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254 https://vigilance.fr/vulnerability/PCRE2-out-of-bounds-memory-reading-via-Scan-SubString-48315 https://nvd.nist.gov/vuln/detail/CVE-2025-58050
Patch
https://github.com/PCRE2Project/pcre2/releases
Share on: