CVE-2022-41409: Integer Overflow or Wraparound in Pcre2

Severity
7.5 HIGH (NVD)
EPSS
0.0%
top 86.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 18
Latest update: Oct 15

Description

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: pcre/pcre2 < 10.41
Debian: pcre/pcre2 < 10.42-1+2

Patches

🔴 Vulnerability Details (3)

CVEList
CVE-2022-41409: Integer overflow vulnerability in pcre2test before 10 (2023-07-18)
OSV
CVE-2022-41409: Integer overflow vulnerability in pcre2test before 10 (2023-07-18)
GHSA
GHSA-4qfx-v7wh-3q4j: Integer overflow vulnerability in pcre2test before 10 (2023-07-18)

📋 Vendor Advisories (4)

Oracle
Oracle Oracle Analytics Risk Matrix: Analytics Server (PCRE2) — CVE-2022-41409 (2023-10-15)
Red Hat
pcre2: negative repeat value in a pcre2test subject line leads to infinite loop (2023-07-18)
Microsoft
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. (2023-07-11)
Debian
CVE-2022-41409: pcre2 - Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cau... (2022)