nmap 7.60 crash in libpcre.so when scanning services #1108
Comments
I cannot reproduce this on CentOS 7.4.1708 with libpcre 8.32. Since the crash is in libpcre, you may have a corrupted libpcre.so, which you can diagnose by running OS detection does not use libpcre, so the crash is not related to that.
Thanks for your reply. I'm sorry, it doesn't crash in OS detection but in the service scan; it will still crash without -O. I guess the root cause is an improper regex that leads to a stack overflow in the pcre match method, and this may lead to some security issue. The crash doesn't appear stably; you can reproduce it with multiple attempts. The old nmap (7.12) does not have this issue. The stack info and version info are as follows. The complete crash stack is: This is my nmap version info:
Seeing those newlines without carriage returns in the response leads me to realize this is the same as #1147, which is where I've started recording my progress. Thanks very much for reporting this!
Hi, I use nmap 7.70 (built from the latest GitHub version) with your modification (nmap-service-probes); this issue still exists, and I attach the core file for debugging convenience.
On CentOS 7, using nmap 7.60 (x64) to scan OS fingerprints may lead to a crash for some specific IP ports.
Reproduction steps:
Execute the following command; if there is no crash, please try more times.
./nmap 112.17.252.38 -sT -sV -Pn -n -p82 -O
The crash backtrace is as follows:
0 0x00007ffff7b8d7ca in match () from /lib64/libpcre.so.1
1 0x00007ffff7b8e17f in match () from /lib64/libpcre.so.1
2 0x00007ffff7b9b40a in match () from /lib64/libpcre.so.1
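As an added triage aid (not part of the original report or of nmap's own code), the following Python script parses a gdb backtrace such as the one above and checks whether the crash sits at the end of a long run of re-entrant match() frames, which is what a recursion-driven stack exhaustion inside libpcre looks like, as opposed to a single bad frame that would point at memory corruption or a damaged library. The sample backtraces are constructed for the example: the addresses, the 60-frame depth and the main() frame are illustrative, and the threshold of 50 consecutive frames is an assumption, not a value from the thread.

```python
import re
from typing import Dict, List, Optional, Tuple

# One gdb frame: "#N 0xADDR in FUNC (...) from LIB". The "#" is optional because
# the backtrace quoted in the report above lost it in formatting, and the
# address/"in" part is optional because gdb omits it for the innermost frame
# of a non-optimized binary.
FRAME_RE = re.compile(
    r"^\s*#?(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?"
    r"(?P<func>[^\s(]+)\s*\(.*?\)(?:\s+from\s+(?P<lib>\S+))?"
)

Frame = Tuple[int, str, Optional[str]]  # (frame number, function, library or None)


def parse_backtrace(text: str) -> List[Frame]:
    """Extract (number, function, library) for every line that looks like a gdb frame."""
    frames: List[Frame] = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m.group("num")), m.group("func"), m.group("lib")))
    return frames


def longest_self_recursion(frames: List[Frame]) -> Tuple[str, Optional[str], int]:
    """Longest run of consecutive frames in the same function and library.

    Returns (function, library, run_length); run_length is 0 for an empty trace.
    """
    best: Tuple[str, Optional[str], int] = ("", None, 0)
    prev = None
    run = 0
    for _, func, lib in frames:
        key = (func, lib)
        run = run + 1 if key == prev else 1
        prev = key
        if run > best[2]:
            best = (func, lib, run)
    return best


def triage(text: str, recursion_threshold: int = 50) -> Dict[str, object]:
    """Classify a backtrace as deep self-recursion or not.

    recursion_threshold is an assumed cut-off: a run of that many consecutive
    frames in one function is treated as recursion-driven stack exhaustion.
    """
    frames = parse_backtrace(text)
    if not frames:
        return {"frames": 0, "verdict": "no gdb frames recognised"}
    top_func, top_lib = frames[0][1], frames[0][2]
    func, lib, run = longest_self_recursion(frames)
    if run >= recursion_threshold:
        verdict = (f"deep self-recursion: {run} consecutive frames in {func} "
                   f"({lib}); consistent with stack exhaustion during matching")
    else:
        verdict = (f"no deep recursion (longest run {run}); crash is at "
                   f"{top_func} ({top_lib}), look for a single bad frame instead")
    return {"frames": len(frames), "top_frame": (top_func, top_lib),
            "recursive_function": func, "longest_run": run, "verdict": verdict}


# Constructed sample 1: the shape the report's libpcre crash would have in a
# full "bt": 60 nested match() frames under pcre_exec(), called from nmap.
SAMPLE_RECURSIVE = "\n".join(
    [f"#{i} 0x00007ffff7b8d7ca in match () from /lib64/libpcre.so.1" for i in range(60)]
    + ["#60 0x00007ffff7ba0c1b in pcre_exec () from /lib64/libpcre.so.1",
       "#61 0x0000000000412345 in main ()"]
)

# Constructed sample 2: a crash with no recursion at all, for contrast.
SAMPLE_FLAT = "\n".join([
    "#0 0x00007ffff7a1b2c3 in memcpy () from /lib64/libc.so.6",
    "#1 0x0000000000412345 in main ()",
])

# The three frames exactly as quoted in the report (leading "#" stripped).
REPORTED_FRAMES = "\n".join([
    "0 0x00007ffff7b8d7ca in match () from /lib64/libpcre.so.1",
    "1 0x00007ffff7b8e17f in match () from /lib64/libpcre.so.1",
    "2 0x00007ffff7b9b40a in match () from /lib64/libpcre.so.1",
])

if __name__ == "__main__":
    for name, trace in (("recursive", SAMPLE_RECURSIVE), ("flat", SAMPLE_FLAT),
                        ("reported", REPORTED_FRAMES)):
        print(name, "->", triage(trace)["verdict"])
```

To get a full trace from the attached core, `gdb -batch -ex bt ./nmap core` prints the backtrace without an interactive session; pipe that into `triage`. A confirmed run of match() frames supports the thread's conclusion that the trigger is the probe regex against a response with bare newlines (#1147) rather than a corrupted library; `rpm -V pcre` is the quick way to rule the latter out on CentOS, since it re-checks the installed files against the package database.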