1. Home
  2. CVE Database
  3. CVE-2022-1587
CRITICAL · 9.1

CVE-2022-1587

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular...

Vulnerability Description

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
PcrePcre2< 10.40
RedhatEnterprise Linux9.0
FedoraprojectFedora35
NetappActive Iq Unified Manager-
NetappHci Management Node-
NetappOntap Select Deploy Administration Utility-
NetappSolidfire-
NetappH300S Firmware-
NetappH300S-
NetappH500S Firmware-
NetappH500S-
NetappH700S Firmware-
NetappH700S-
NetappH410S Firmware-
NetappH410S-
NetappH410C Firmware-
NetappH410C-

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2022-1587?

CVE-2022-1587 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular...

How severe is CVE-2022-1587?

CVE-2022-1587 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-1587?

Check the references section above for vendor advisories and patch information. Affected products include: Pcre Pcre2, Redhat Enterprise Linux, Fedoraproject Fedora, Netapp Active Iq Unified Manager, Netapp Hci Management Node.