发布时间: 2022年10月21日
修改时间: 2025年3月4日
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Local |
| CVSS评分 | 7.5 | 4.0 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | None | None |
| Availability | High | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2566 | golang security update | 2022年10月21日 |
| KylinSec-SA-2025-1138 | podman security update | 2025年2月28日 |
| KylinSec-SA-2025-1601 | etcd security update | 2025年3月13日 |
| KylinSec-SA-2025-1606 | podman security update | 2025年3月18日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | golang | Fixed |
| KY3.4-5A | golang | Fixed |
| KY3.5.1 | golang | Fixed |
| V6 | golang | Fixed |
| KY3.5.3 | golang | Fixed |
