CVE-2022-1587 — Out-of-bounds Read in Pcre2
Severity: 9.1 CRITICAL (NVD)
EPSS: 0.3% (percentile: top 51.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 16, 2022; latest update Apr 15
Description
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
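The vulnerable function lives in pcre2_jit_compile.c, so a PCRE2 build without the JIT compiler, or an application that never calls pcre2_jit_compile() (directly or through a binding that enables JIT for it), does not run that code. As an added example, not from this advisory, the PCRE2 project or any vendor listed here, the POSIX shell script below checks whether the PCRE2 build on a host includes the JIT compiler by parsing `pcre2test -C` output. It assumes that output carries a "PCRE2 version ..." line and either a "Just-in-time compiler support:" or a "No just-in-time compiler support" line; that wording and the two embedded sample outputs are assumptions to verify against your own build, and the version numbers in the samples are illustrative only. The page does not state which PCRE2 release contains the fix, so pair this check with the vendor advisories listed below.

```shell
#!/bin/sh
# Added example, not part of the advisory or of the PCRE2 project: decide
# whether a PCRE2 build on this host includes the JIT compiler, i.e. the
# pcre2_jit_compile.c code that contains get_recurse_data_length().
#
# `pcre2test -C` prints the library's build-time configuration. The two lines
# used here are assumed to read (verify on your build):
#   PCRE2 version 10.xx YYYY-MM-DD
#   Just-in-time compiler support: <target>   or   No just-in-time compiler support
# The parsing functions take the configuration text as an argument so they can
# be exercised on the constructed samples below without pcre2test installed.

# Constructed sample outputs (not captured from a real host); the version
# numbers are illustrative only and say nothing about which releases are affected.
SAMPLE_JIT='PCRE2 version 10.39 2021-10-29
Compiled with
  8-bit support
  UTF and UCP support (Unicode version 14.0.0)
  Just-in-time compiler support: x86 64bit (little endian + unaligned)'

SAMPLE_NOJIT='PCRE2 version 10.39 2021-10-29
Compiled with
  8-bit support
  No just-in-time compiler support'

# pcre2_version CONFIG_TEXT -> the version number from the first line, e.g. 10.39
pcre2_version() {
    printf '%s\n' "$1" | awk '/^PCRE2 version/ { print $3; exit }'
}

# pcre2_jit_status CONFIG_TEXT -> "available", "unavailable" or "unknown"
pcre2_jit_status() {
    if printf '%s\n' "$1" | grep -q 'Just-in-time compiler support:'; then
        echo available
    elif printf '%s\n' "$1" | grep -q 'No just-in-time compiler support'; then
        echo unavailable
    else
        echo unknown
    fi
}

# report_host -> "jit-available", "jit-unavailable", "jit-unknown", or
# "no-pcre2test" when the tool is not on PATH (or fails to run).
report_host() {
    if ! command -v pcre2test >/dev/null 2>&1; then
        echo no-pcre2test
        return 0
    fi
    config=$(pcre2test -C 2>/dev/null) || { echo no-pcre2test; return 0; }
    echo "jit-$(pcre2_jit_status "$config")"
}

# Stand-alone run: print what was found. A JIT-capable build only reaches the
# vulnerable code if the application actually calls pcre2_jit_compile() (or a
# binding does so on its behalf), so confirm that separately per application.
case "$(report_host)" in
    no-pcre2test)    echo "pcre2test not found; cannot query PCRE2 build configuration" ;;
    jit-available)   echo "PCRE2 $(pcre2_version "$(pcre2test -C)"): JIT compiler present" ;;
    jit-unavailable) echo "PCRE2 $(pcre2_version "$(pcre2test -C)"): built without JIT" ;;
    *)               echo "PCRE2: JIT status could not be determined" ;;
esac
```

Run it on each host that ships its own PCRE2 (language runtimes such as PHP bundle or link their own copy, so the system library's status does not necessarily apply to them), and treat "jit-available" as "patch status needs checking", not as "vulnerable".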
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H (Exploitability: 3.9 | Impact: 5.2)
Affected Packages (3 packages)
Also affects: Fedora 35, 36, Enterprise Linux 9.0
Vulnerability Details (3 sources)
GHSA, GHSA-jmvm-hj36-w5hc (2022-05-17): An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile...
CVEList, CVE-2022-1587 (2022-05-16): An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile...
OSV, CVE-2022-1587 (2022-05-16): An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile...
Vendor Advisories (7)
Oracle (2022-10-15): Oracle Database Server Risk Matrix: Oracle Notification Server (PCRE2), CVE-2022-1587
Microsoft (2022-05-10): An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular...