Data center: Ashburn, VA

Telegram Chat : MBHH_x86

Email Us: Help@mobilehackerforhire.com

Telegram Medium
Mobile Hacker For Hire
Hire a hacker

Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library

#1 Mobile Hacker For Hire > Blog > Uncategorized > Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library

Table of Contents




From: Gordon Fyodor Lyon <fyodor () nmap org>
Date: Mon, 20 Jun 2022 14:09:29 -0700

Hi Shivani.  Thanks for the report.  Those two vulnerabilities are in the
PCRE2 (2nd generation) PCRE library.  Although we plan to upgrade to PCRE2
soon, Nmap is currently still using the 1st generation PCRE which is not
susceptible to these bugs.  When we do upgrade, we will be sure to use a
fixed version of PCRE2.

Also, Nmap version 4.6 and 5.21 are ancient and well worth upgrading for
other reasons.


On Mon, Jun 20, 2022 at 1:47 PM Sharma, Shivani via dev <dev () nmap org>
wrote:


Hi Team,

We are using Nmap 4.6 and 5.21 in our project and scan tool reports one
vulnerability to Nmap which is related to PCRE2.

As per vulnerabilities ,CVE-2022-1586: This involves a unicode property
matching issue in JIT-compiled regular expressions. The issue occurs
because the character was not fully read in case-less matching within JIT.

CVE-2022-1587: This comes with PCRE2 library in the
get_recurse_data_length() function of the pcre2_jit_compile.c file. This
issue affects recursions in JIT-compiled regular expressions caused by
duplicate data transfers.



We want to ask following questions



   1. Is Nmap 4.6 and 5.21 are vulnerable to CVE-2022-1586 and
   CVE-2022-1587 issue?
   2. If it is vulnerable so in which version it is vulnerable free and
   how can we get that.

Regards,

Shivani
This message contains information that may be privileged or confidential
and is the property of the Capgemini Group. It is intended only for the
person to whom it is addressed. If you are not the intended recipient, you
are not authorized to read, print, retain, copy, disseminate, distribute,
or use this message or any part thereof. If you receive this message in
error, please notify the sender immediately and delete all copies of this
message.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/



Current thread:

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Uncategorized
ABUS Security Camera LFI, RCE and SSH Root
Posted on
Uncategorized
Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666
Posted on
Uncategorized
pfBlockerNG 2.1.4_26 Remote Code Execution ≈ Mobile Hacker For Hire
Posted on

©2022. Mobile Hacker For Hire. All Rights Reserved.

help@mobilehackerforhire.com

error: Content is protected !!