Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-1586

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Related bugs and status

CVE-2022-1586 (Candidate) is related to these bugs:

Bug #1994105: Debian CVE-2022-1586 / CVE-2022-1587: pcre2: multiple CVEs

Summary				In	Importance	Status
	1994105	Debian CVE-2022-1586 / CVE-2022-1587: pcre2: multiple CVEs		StarlingX	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

FEDORA: FEDORA-2022-e56085ba31
MISC: https://bugzilla.redha...
MISC: https://github.com/PCR...
MISC: https://github.com/PCR...
FEDORA: FEDORA-2022-a3edad0ab6
FEDORA: FEDORA-2022-19f4c34184
FEDORA: FEDORA-2022-9c9691d058
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...