PT-2022-26045 · Alt Linux+8 · Alt Linux+8

Adam Korczynski

+1

·

Published

2022-10-04

·

Updated

2025-02-28

·

CVE-2022-41715

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.
Description Programs that compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases, the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALSA-2023:0328
ALSA-2023:0446
ALSA-2023:2167
ALSA-2023:2204
ALSA-2023:2357
ALSA-2023:2592
ALSA-2023:2780
ALSA-2023:2784
ALSA-2023:2866
ALSA-2024:0121
ALSA-2024:3254
ALT-PU-2022-2743
ALT-PU-2022-2873
ALT-PU-2023-1205
AZL-11130
AZL-37407
AZL-78964
BIT-GOLANG-2022-41715
CESA-2023_0446
CESA-2023_2780
CESA-2023_2784
CESA-2023_2866
CESA-2024_0121
CESA-2024_2988
CESA-2024_3254
CVE-2022-41715
GO-2022-1039
INFSA-2024_2988
MGASA-2022-0377
OESA-2022-2004
OESA-2025-1052
OESA-2025-1053
OESA-2025-1054
OESA-2025-1055
OESA-2025-1056
OESA-2025-1059
OESA-2025-1185
OPENSUSE-SU-2022_3668-1
OPENSUSE-SU-2022_3669-1
OPENSUSE-SU-2023_2598-1
OPENSUSE-SU-2024:12391-1
OPENSUSE-SU-2024:12392-1
OPENSUSE-SU-2024:13604-1
OPENSUSE-SU-2024_3288-1
RHSA-2022:7398
RHSA-2023:0328
RHSA-2023:0445
RHSA-2023:0446
RHSA-2023:0708
RHSA-2023:0727
RHSA-2023:1275
RHSA-2023:2167
RHSA-2023:2204
RHSA-2023:2357
RHSA-2023:2592
RHSA-2023:2780
RHSA-2023:2784
RHSA-2023:2866
RHSA-2023:3613
RHSA-2023:4003
RHSA-2023_0328
RHSA-2023_0446
RHSA-2023_2167
RHSA-2023_2204
RHSA-2023_2357
RHSA-2023_2592
RHSA-2023_2780
RHSA-2023_2784
RHSA-2023_2866
RHSA-2024:0121
RHSA-2024:2586
RHSA-2024:2988
RHSA-2024:3254
RHSA-2024_0121
RHSA-2024_2988
RHSA-2024_3254
RLSA-2023:0328
RLSA-2023:0446
RLSA-2024:3254
SUSE-SU-2022:3668-1
SUSE-SU-2022:3669-1
SUSE-SU-2023:2182-1
SUSE-SU-2023:2183-1
SUSE-SU-2023:2312-1
SUSE-SU-2023:2578-1
SUSE-SU-2023:2579-1
SUSE-SU-2023:2598-1
SUSE-SU-2024:0191-1
SUSE-SU-2024:0196-1
SUSE-SU-2024:0486-1
SUSE-SU-2024:0487-1
SUSE-SU-2024:3288-1
USN-6038-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu