Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library

From: "Sharma, Shivani via dev" <dev () nmap org>
Date: Fri, 27 May 2022 13:11:45 +0000
Hi Team,
We are using Nmap 4.6 and 5.21 in our project and scan tool reports one vulnerability to Nmap which is related to PCRE2.
As per vulnerabilities ,CVE-2022-1586: This involves a unicode property matching issue in JIT-compiled regular 
expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
CVE-2022-1587: This comes with PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. 
This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

We want to ask following questions


  1.  Is Nmap 4.6 and 5.21 are vulnerable to CVE-2022-1586 and CVE-2022-1587 issue?
  2.  If it is vulnerable so in which version it is vulnerable free and how can we get that.
Regards,
Shivani
This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It 
is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized 
to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this 
message in error, please notify the sender immediately and delete all copies of this message.

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: