{"id":"ALPINE-CVE-2025-58050","details":"The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.","modified":"2026-03-09T01:24:27.920618Z","published":"2025-08-27T19:15:37.560Z","upstream":["CVE-2025-58050"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2025-58050"}],"affected":[{"package":{"name":"pcre2","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.46-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0","10.40-r0","10.41-r0","10.41-r1","10.42-r0","10.42-r1","10.42-r2","10.42-r3","10.43-r0","10.43-r1","10.45-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2025-58050.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.46-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0","10.40-r0","10.41-r0","10.41-r1","10.42-r0","10.42-r1","10.42-r2","10.42-r3","10.43-r0","10.43-r1","10.45-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2025-58050.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}