CVE-2022-1587

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions PCRE2 (affected versions not specified)

Description The issue is related to an out-of-bounds read vulnerability in the PCRE2 library, specifically in the get recurse data length() function of the pcre2 jit compile.c file. This vulnerability affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Exploitation of this issue could allow a remote attacker to access confidential data and cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2022-1704

ALT-PU-2022-1985

ALT-PU-2022-3051

BDU:2023-02635

CVE-2022-1587

DLA-3363-1

MGASA-2022-0417

OESA-2022-1686

OPENSUSE-SU-2022:2649-1

OPENSUSE-SU-2022_2566-1

OPENSUSE-SU-2022_2649-1

RHSA-2022:5251

RHSA-2022_5251

RLSA-2022:5251

SUSE-SU-2022:2565-1

SUSE-SU-2022:2566-1

SUSE-SU-2022:2649-1

SUSE-SU-2022_2565-1

SUSE-SU-2022_2566-1

USN-5627-1

USN-5627-2

Affected Products

Alt Linux

Astra Linux

Linuxmint

Pcre2

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2022-1587

Weakness Enumeration

Related Identifiers

Affected Products

References · 61