Ubuntu
pcre2 package

CVE-2022-41409: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

Bug #2045489 reported by bhs on 2023-12-03

264

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	pcre2 (Ubuntu)	Confirmed	Low	Unassigned

Bug Description

CVE-2022-41409

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

https://nvd.nist.gov/vuln/detail/CVE-2022-41409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409
https://security-tracker.debian.org/tracker/CVE-2022-41409
https://ubuntu.com/security/
https://ubuntu.com/security/CVE-2022-41409

Potential fix at
https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
https://github.com/PCRE2Project/pcre2/issues/141

CVE References

2022-41409

bhs (bharath-vegito) on 2023-12-03

information type:	Private Security → Public Security
Changed in pcre2 (Ubuntu):
status:	New → Confirmed
no longer affects:	pcre2 (Debian)

Eduardo Barretto (ebarretto) on 2024-10-18

Changed in pcre2 (Ubuntu):
importance:	Undecided → Low

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntupcre2 package