From: “Sharma, Shivani via dev” <dev () nmap org>
Date: Fri, 27 May 2022 13:11:45 +0000
Hi Team, We are using Nmap 4.6 and 5.21 in our project and scan tool reports one vulnerability to Nmap which is related to PCRE2. As per vulnerabilities ,CVE-2022-1586: This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. CVE-2022-1587: This comes with PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. We want to ask following questions 1. Is Nmap 4.6 and 5.21 are vulnerable to CVE-2022-1586 and CVE-2022-1587 issue? 2. If it is vulnerable so in which version it is vulnerable free and how can we get that. Regards, Shivani This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at https://seclists.org/nmap-dev/
- Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library Sharma, Shivani via dev (Jun 20)