漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
Vulnerability Description
A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Vulnerability Type
缓冲区上溢读取
Vulnerability Title
GNOME glib 缓冲区错误漏洞
Vulnerability Description
GNOME glib是GNOME基金会开源的一个通用的、可移植的实用程序库。提供了许多有用的数据类型、宏、类型转换、字符串实用程序、文件实用程序、主循环抽象等。 GNOME glib存在缓冲区错误漏洞,该漏洞源于g_regex_replace函数在使用G_REGEX_RAW编译标志和大小写替换转义时,string_append函数使用假设有效UTF-8输入的UTF-8函数处理匹配的子字符串,即使字符串被视为原始字节,可能导致缓冲区过度读取,进而造成1-5字节的信息泄露以及当缓冲区过度读取跨越页面边界时导致
CVSS Information
N/A
Vulnerability Type
N/A