CVE-2022-1587

Published: May 16, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Vendor	Product	Versions
n/a	pcre2	affected `Fixed in pcre2-10.40.`

Weaknesses (CWE)

CWE-125

References

FEDORA-2022-e56085ba31

vendor-advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C

https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0

FEDORA-2022-a3edad0ab6

vendor-advisory

FEDORA-2022-19f4c34184

vendor-advisory

FEDORA-2022-9c9691d058

vendor-advisory

https://security.netapp.com/advisory/ntap-20221028-0009/

[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-1587

Description

Affected Products

Weaknesses (CWE)

References