|PCRE pcre_compile.c文件堆溢出漏洞 - VULHUB开源网络安全威胁库

PCRE pcre_compile.c文件堆溢出漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

CVE(CAN) ID: CVE-2008-2371 PCRE（Perl兼容正则表达式）库是个开放源代码的软件，可提供正则表达式支持。当PCRE在启动模式（pattern）指定选项的时候，为了防止将其不必要的编译到字节代码，会如pcre_compile()选项所指定的方式传送回调用程序（也就是/(?i)a|b/ == /a|b/i）。如果模式包含有多个分支的话，就会意外的将新选项回传的过远，仅有第一个分支获得了新的标记，而在第二次编译传送的时候会一直设置新的标记，导致大小计算传送和实际的编译传送之间出现不匹配，这可能触发堆溢出。 PCRE 7.7 厂商补丁： Debian ------ Debian已经为此发布了一个安全公告（DSA-1602-1）以及相应补丁: DSA-1602-1：New pcre3 packages fix arbitrary code execution 链接：<a href=http://www.debian.org/security/2008/dsa-1602 target=_blank>http://www.debian.org/security/2008/dsa-1602</a> 补丁下载： Source archives: <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.dsc target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.dsc</a> Size/MD5 checksum: 888 9ef88cd7ab592b3799211018f8d20f63 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.diff.gz target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.diff.gz</a> Size/MD5 checksum: 83574 2d9686b5b3a5480aa528bd89cdea12a6 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz</a> Size/MD5 checksum: 1106897 de886b22cddc8eaf620a421d3041ee0b alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_alpha.deb</a> Size/MD5 checksum: 21038 72545720bee988d70381cf56ac08ab3e <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_alpha.deb</a> Size/MD5 checksum: 91302 039876d52014e88686119445734f6ec7 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_alpha.deb</a> Size/MD5 checksum: 264154 19f60bc08e3f2a5d8ca305851f44ef55 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_alpha.deb</a> Size/MD5 checksum: 209168 f19f07f81f4b9259c7b061faf7d9fc7c amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_amd64.deb</a> Size/MD5 checksum: 89984 c92634b92f00d7f41991d58d3ad690bc <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_amd64.deb</a> Size/MD5 checksum: 198552 2760ab9ccf2cdf8b7fec89e4068feba7 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_amd64.deb</a> Size/MD5 checksum: 250032 68f3c4360bc41358bb97f546bcb0e3ce <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_amd64.deb</a> Size/MD5 checksum: 20150 9bed90914b31ea7f11810c3b99d5b5c6 arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_arm.deb</a> Size/MD5 checksum: 88966 41f8ee2780754174274009055c952079 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_arm.deb</a> Size/MD5 checksum: 19920 f10b8d7a5c6366136813af67d0a8b7ff <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_arm.deb</a> Size/MD5 checksum: 243970 8becd101006adf3dfca88607c07d3086 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_arm.deb</a> Size/MD5 checksum: 198322 b2c55ac5d7a2be62c5b5e8cb6d0c48f2 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_hppa.deb</a> Size/MD5 checksum: 92266 b9236279f24acead3acfed524d87d1bd <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_hppa.deb</a> Size/MD5 checksum: 255722 f0a3084a3683ece8f0c10ffd937ef252 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_hppa.deb</a> Size/MD5 checksum: 202446 5e552d19b502810cf640eb8c11776736 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_hppa.deb</a> Size/MD5 checksum: 20726 aa317ebe8c30e18966b3786acc1398b9 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_i386.deb</a> Size/MD5 checksum: 89862 60a49383c76120d08e4d300564b659db <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_i386.deb</a> Size/MD5 checksum: 246934 b20ff56ba4289860f1d09a75abfa3505 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_i386.deb</a> Size/MD5 checksum: 19348 dcded2ff2a56d461e522ac11647ab4f2 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_i386.deb</a> Size/MD5 checksum: 196894 30a9803ec2c737702228c88b121d1544 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_ia64.deb</a> Size/MD5 checksum: 230688 264ad5d5665e602b2f692b899fd0a5e9 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_ia64.deb</a> Size/MD5 checksum: 25658 538af9aabca0427844e955f028c050e4 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_ia64.deb</a> Size/MD5 checksum: 280674 e4d8e19abeed7202102e94597c4798e8 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_ia64.deb</a> Size/MD5 checksum: 93858 c6cf88e6acf726bd4179658e0f2bbe9e mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mips.deb</a> Size/MD5 checksum: 198430 ac574108ba4f6ae4b70179b7d6b5d7c9 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mips.deb</a> Size/MD5 checksum: 253526 77b402e25c797abf1f7557e106326667 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mips.deb</a> Size/MD5 checksum: 90538 e1671c5b76cca0256a8d41b8f9e419e3 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mips.deb</a> Size/MD5 checksum: 20424 766ce624fa24e42d04b53511e1cbed21 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mipsel.deb</a> Size/MD5 checksum: 90520 2dc1625becce40f479e50fdcf075571b <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mipsel.deb</a> Size/MD5 checksum: 252396 52692425252b9c4263fb2899918d0966 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mipsel.deb</a> Size/MD5 checksum: 197616 f228905aa01a3ae35801dc9b9b12c0ef <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mipsel.deb</a> Size/MD5 checksum: 20454 e991967c20b95fe40b0f45acd9eafa1d powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_powerpc.deb</a> Size/MD5 checksum: 197676 2debc2e40a4b17f562f82e5304ce8f4a <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_powerpc.deb</a> Size/MD5 checksum: 253048 e442f8398410b41db288e77c36b4cd5f <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_powerpc.deb</a> Size/MD5 checksum: 92152 bd22696efa2ad001a602c73d614f046c <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_powerpc.deb</a> Size/MD5 checksum: 21270 88d9a6a11ccb43ad9d7e2f6418875619 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_s390.deb</a> Size/MD5 checksum: 200044 6476b48137e32a76c3c85b09a901c0bc <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_s390.deb</a> Size/MD5 checksum: 90586 de5f46464693e513d4045c0e037585ab <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_s390.deb</a> Size/MD5 checksum: 20108 cdd1618521e5e64d04e5e26a49803b4f <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_s390.deb</a> Size/MD5 checksum: 248498 4de3715c9a55f4aa0ba33fcde49ee7cd sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_sparc.deb</a> Size/MD5 checksum: 197656 06f3298311fba7fb8bb4a072372c79b4 <a href=http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_sparc.deb</a> Size/MD5 checksum: 19420 a4c54f7f457816b8e1f087055e959e23 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_sparc.deb</a> Size/MD5 checksum: 247278 7c41012b79be5869fcf03f6c71be98b0 <a href=http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_sparc.deb</a> Size/MD5 checksum: 88798 5905a7ee0d9a17c564ef929655fd8cd7 补丁安装方法： 1. 手工安装补丁包：首先，使用下面的命令来下载补丁软件： # wget url (url是补丁下载链接地址) 然后，使用下面的命令来安装补丁： # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包：首先，使用下面的命令更新内部数据库： # apt-get update 然后，使用下面的命令安装更新软件包： # apt-get upgrade

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™