First published: Fri Apr 22 2022(Updated: )
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/pcre2 | <10.40 | 10.40 |
PCRE2 | <10.40 | |
Red Hat Fedora | =35 | |
Red Hat Fedora | =36 | |
Red Hat Enterprise Linux | =8.0 | |
Red Hat Enterprise Linux | =9.0 | |
NetApp Active IQ Unified Manager for VMware vSphere | ||
NetApp SolidFire & HCI Management Node | ||
NetApp ONTAP Select Deploy | ||
NetApp SolidFire & HCI Storage Node | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
NetApp H700S | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
All of | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
All of | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700S | ||
NetApp H700S | ||
All of | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
All of | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
Debian Linux | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-1586.
The severity of CVE-2022-1586 is critical with a CVSS score of 9.1.
The PCRE2 library versions up to 10.40, Fedora 35 and 36, Redhat Enterprise Linux 8.0 and 9.0, and various Netapp products are affected by CVE-2022-1586.
CVE-2022-1586 is an out-of-bounds read vulnerability in the PCRE2 library due to a unicode property matching issue in JIT-compiled regular expressions.
Update to the latest version of the PCRE2 library (version 10.41 or later) or apply the relevant security patches provided by the affected software vendors.