PT-2022-3100 · Pcre2+10

Pedro Sampaio · Published 2022-03-23 · Updated 2025-03-25 · CVE-2022-1586

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PCRE2 (affected versions not specified)

Description

An out-of-bounds read issue was discovered in the PCRE2 library, specifically in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This issue involves a Unicode property matching problem in JIT-compiled regular expressions, occurring because a character was not fully read during case-less matching within JIT. The vulnerability can be exploited by a remote attacker to cause a denial of service or disclose protected information by sending specially crafted data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2022:5809
ALT-PU-2022-1704
ALT-PU-2022-1985
ALT-PU-2022-3051
BDU:2022-03770
CESA-2022_5809
CVE-2022-1586
DLA-3363-1
MGASA-2022-0417
OESA-2022-1686
OPENSUSE-SU-2022:2361-1
OPENSUSE-SU-2022_1883-1
OPENSUSE-SU-2022_2360-1
OPENSUSE-SU-2022_2361-1
RHSA-2022:5251
RHSA-2022:5809
RHSA-2022_5251
RHSA-2022_5809
RLSA-2022:5251
RLSA-2022:5809
SUSE-RU-2022:1883-1
SUSE-SU-2022:1836-1
SUSE-SU-2022:1883-1
SUSE-SU-2022:2334-1
SUSE-SU-2022:2360-1
SUSE-SU-2022:2361-1
SUSE-SU-2022_1836-1
SUSE-SU-2022_1883-1
SUSE-SU-2022_2334-1
SUSE-SU-2022_2360-1
SUSE-SU-2022_2361-1
USN-5627-1
USN-5627-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PCRE2
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu