CVE-2022-1587

CRITICAL9.1EPSS 0.27%

Published: 5/16/2022Modified: 12/3/2025

Also known as:ALPINE-CVE-2022-1587

Description

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Affected packages (2)

Alpine/pcre2from 0, < 10.36-r1
Debian/pcre2from 0, < 10.36-2+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2022-1587
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-1587