nmap7.60 crash in libpcre.so when scan service #1108
On CentOS 7, using nmap 7.60 (x64) to scan OS fingerprints may lead to a crash for some specific IP ports.
The crash backtrace is as follows:
I cannot reproduce this on CentOS 7.4.1708 with libpcre 8.32. Since the crash is in libpcre, you may have a corrupted libpcre.so, which you can diagnose by running
OS detection does not use libpcre, so the crash is not related to that.
Thanks for your reply. I'm sorry, the crash is not in OS detection but in the service scan; it still crashes without -O. I guess the root cause is that an improper regex leads to a stack overflow in the pcre match method, and this may lead to a security issue. The crash doesn't occur reliably; you can reproduce it with multiple attempts. The old nmap (7.12) does not have this issue. The stack info and version info are as follows.
The complete crash stack is:
This is my nmap version info: