{"id":"CVE-2022-1587","details":"An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.","modified":"2026-04-09T08:09:41.900605Z","published":"2022-05-16T21:15:07.847Z","related":["CGA-m588-wrjg-9f2q","MGASA-2022-0417","SUSE-SU-2022:2565-1","SUSE-SU-2022:2566-1","SUSE-SU-2022:2649-1","openSUSE-SU-2022:2649-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221028-0009/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C"},{"type":"FIX","url":"https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/PCRE2Project/pcre2","events":[{"introduced":"0"},{"fixed":"3103b8f20a3b9944b177e812fde29fbfb8b90558"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.40"}]}},{"type":"GIT","repo":"https://github.com/pcre2project/pcre2","events":[{"introduced":"0"},{"fixed":"03654e751e7f0700693526b67dfcadda6b42c9d0"}]}],"versions":["pcre2-10.38","pcre2-10.38-RC1","pcre2-10.39"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1587.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}