CVE-2025-58050 — CRITICAL (9.1)

Vulnerability Description

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pcre	Pcre2	10.45

Related Weaknesses (CWE)

CWE-787 CWE-122 CWE-125

References

https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3dPatch
https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46Release Notes
https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2ExploitVendor Advisory
https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2ExploitVendor Advisory

FAQ

What is CVE-2025-58050?

CVE-2025-58050 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matchin...

How severe is CVE-2025-58050?

CVE-2025-58050 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-58050?

Check the references section above for vendor advisories and patch information. Affected products include: Pcre Pcre2.