First published: Fri Apr 22 2022(Updated: )
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/pcre2 | <10.40 | 10.40 |
PCRE2 | <10.40 | |
Red Hat Enterprise Linux | =9.0 | |
Red Hat Fedora | =35 | |
Red Hat Fedora | =36 | |
NetApp Active IQ Unified Manager for VMware vSphere | ||
NetApp SolidFire & HCI Management Node | ||
NetApp ONTAP Select Deploy | ||
NetApp SolidFire & HCI Storage Node | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
NetApp H700S | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
NetApp H410C | ||
NetApp H410C Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-1587 is an out-of-bounds read vulnerability in the PCRE2 library.
CVE-2022-1587 has a severity score of 9.1 (critical).
The PCRE2 library with versions up to 10.40, Redhat Enterprise Linux 9.0, Fedora 35, and Fedora 36 are affected by CVE-2022-1587.
CVE-2022-1587 causes out-of-bounds read vulnerabilities in JIT-compiled regular expressions due to duplicate data transfers.
To fix CVE-2022-1587, update the affected software to a version that includes the patch provided by PCRE2.