CVE-2022-1587

Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1587.json
Aliases
Published
2022-05-16T21:15:00Z
Modified
2023-03-16T08:46:58.307641Z
Details

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength() function of the pcre2jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

References

Affected packages

Alpine:v3.13 / pcre2

pcre2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
10.36-r1

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1

Alpine:v3.14 / pcre2

pcre2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
10.36-r1

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1

Alpine:v3.15 / pcre2

pcre2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r1

Alpine:v3.16 / pcre2

pcre2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r1

Alpine:v3.17 / pcre2

pcre2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r1