Vulnerability Details CVE-2022-1587
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.3%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C
- https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
- https://security.netapp.com/advisory/ntap-20221028-0009/
- https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C
- https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
- https://security.netapp.com/advisory/ntap-20221028-0009/
Products affected by CVE-2022-1587
-
cpe:2.3:a:netapp:active_iq_unified_manager:-
-
cpe:2.3:a:netapp:hci_management_node:-
-
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-
-
cpe:2.3:a:netapp:solidfire:-
-
cpe:2.3:a:pcre:pcre2:-
-
cpe:2.3:a:pcre:pcre2:10.00
-
cpe:2.3:a:pcre:pcre2:10.10
-
cpe:2.3:a:pcre:pcre2:10.20
-
cpe:2.3:a:pcre:pcre2:10.21
-
cpe:2.3:a:pcre:pcre2:10.22
-
cpe:2.3:a:pcre:pcre2:10.23
-
cpe:2.3:a:pcre:pcre2:10.30
-
cpe:2.3:a:pcre:pcre2:10.31
-
cpe:2.3:a:pcre:pcre2:10.32
-
cpe:2.3:a:pcre:pcre2:10.33
-
cpe:2.3:a:pcre:pcre2:10.34
-
cpe:2.3:a:pcre:pcre2:10.35
-
cpe:2.3:a:pcre:pcre2:10.36
-
cpe:2.3:a:pcre:pcre2:10.37
-
cpe:2.3:a:pcre:pcre2:10.38
-
cpe:2.3:a:pcre:pcre2:10.39
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410c:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410c_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-
-
cpe:2.3:o:redhat:enterprise_linux:9.0