PT-2025-34928 · Pcre2 +3

Published: 2025-08-27 · Updated: 2026-04-16 · CVE-2025-58050

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions: PCRE2 library versions prior to 10.46
Description: The PCRE2 library contains a heap-buffer-overflow read vulnerability in the regular expression matching engine. The issue occurs in the handling of the (*scs:...) (Scan SubString) verb when it is combined with (*ACCEPT), in src/pcre2_match.c. This may lead to information disclosure if the out-of-bounds data read by the memcmp call affects the final match result.
Recommendations: Update to PCRE2 library version 10.46 or later.

Exploit

Fix

DoS

Out of bounds Read

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-11010
BDU:2025-12592
CVE-2025-58050
GHSA-C2GV-XGF5-5CC2
OPENSUSE-SU-2025:15501-1
OPENSUSE-SU-2026:20512-1
SUSE-SU-2026:21094-1
SUSE-SU-2026:21172-1
USN-7777-1

Affected Products

Alt Linux
Pcre2
Red Os
Ubuntu