CVE-2025-58050

CWE-122 — Heap-based Buffer Overflow CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

6.9MEDIUM

EPSS

0.0%

top 90.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pcre2project Pcre2 Pcre Pcre2

Timeline

PublishedAug 27

Latest updateSep 25

Description

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L

Affected Packages3 packages

▶Debianpcre2< 10.46-1~deb13u1+1

▶NVDpcre/pcre210.45

▶CVEListV5pcre2project/pcre2= 10.45

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-58050: The PCRE2 library is a set of C functions that implement regular expression pattern matching↗2025-08-27

▶

CVEList

PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS↗2025-08-27

▶

📋Vendor Advisories

Ubuntu

PCRE2 vulnerability↗2025-09-25

▶

Red Hat

pcre2: PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS↗2025-08-27

▶

Debian

CVE-2025-58050: pcre2 - The PCRE2 library is a set of C functions that implement regular expression patt...↗2025

▶