CVE-2022-1587

Public on 2022-05-16
Modified on 2022-10-25
Description

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Severity
Medium
See what this means
CVSS v3 Base Score
7.1
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2023 pcre2 2023-02-17 20:44 ALAS2023-2023-045

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
NVD CVSSv2 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P
NVD CVSSv3 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H