CVE-2022-1586

Source
https://cve.org/CVERecord?id=CVE-2022-1586
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1586.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1586
Published
2022-05-16T21:15:07.793Z
Modified
2026-03-14T15:00:54.379282Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
[none]
Details

An out-of-bounds read vulnerability was discovered in the PCRE2 library, in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. It involves a Unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in caseless matching within JIT.

References

Affected packages

Git / github.com/pcre2project/pcre2

Affected ranges

Type
GIT
Repo
https://github.com/pcre2project/pcre2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10.40"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        }
    ]
}

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "36"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]
vanir_signatures
[
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2022-1586-2fd20eca",
        "target": {
            "file": "src/pcre2_jit_compile.c",
            "function": "compile_xclass_matchingpath"
        },
        "digest": {
            "length": 19889.0,
            "function_hash": "41300829383723252943297909714980710868"
        },
        "signature_version": "v1",
        "source": "https://github.com/pcre2project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2022-1586-486e13a2",
        "target": {
            "file": "src/pcre2_jit_test.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "339620945348427712212381388545774342412",
                "124167549058306645007988220067075173415",
                "309395507812416031802042378554291166529",
                "16059173172654235410661150339161003337"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/pcre2project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2022-1586-8505e630",
        "target": {
            "file": "src/pcre2test.c",
            "function": "display_properties"
        },
        "digest": {
            "length": 2132.0,
            "function_hash": "136593279028409485865868554239388333420"
        },
        "signature_version": "v1",
        "source": "https://github.com/pcre2project/pcre2/commit/3103b8f20a3b9944b177e812fde29fbfb8b90558"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2022-1586-b26c3441",
        "target": {
            "file": "src/pcre2_jit_compile.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "261031969686312999006512549674494490461",
                "168259855099571918664674207254596473730",
                "129755615421991772175711125174276683242",
                "141477962428344099817664558993047106632"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/pcre2project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2022-1586-ec8883ab",
        "target": {
            "file": "src/pcre2test.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "284991208664132423429566079959482933300",
                "59663981944089027375129892030352113302",
                "215502009414250523089328794008073975091",
                "66628541543409450441890529484581639807"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/pcre2project/pcre2/commit/3103b8f20a3b9944b177e812fde29fbfb8b90558"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1586.json"