CVE-2022-1586

Summary

CVE	CVE-2022-1586
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-05-16 21:15:00 UTC
Updated	2023-11-07 03:42:00 UTC
Description	An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Application	Pcre	Pcre2	All	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	9.0	All	All	All

References

Reference	Source	Link	Tags
June 2022 PCRE Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[SECURITY] Fedora 36 Update: mingw-pcre2-10.40-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: mingw-pcre2-10.40-1.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 35 Update: pcre2-10.40-1.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 36 Update: pcre2-10.40-1.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5...	MISC	github.com
[SECURITY] Fedora 35 Update: pcre2-10.40-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: mingw-pcre2-10.40-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Invalid Bug ID		bugzilla.redhat.com
Invalid Bug ID	MISC	bugzilla.redhat.com
[SECURITY] [DLA 3363-1] pcre2 security update	MLIST	lists.debian.org
[SECURITY] Fedora 36 Update: pcre2-10.40-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5...		github.com
[SECURITY] Fedora 35 Update: mingw-pcre2-10.40-1.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Fix incorrect value reading in JIT. · PCRE2Project/pcre2@d4fa336 · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159942 Oracle Enterprise Linux Security Update for pcre2 (ELSA-2022-5251)
160011 Oracle Enterprise Linux Security Update for pcre2 (ELSA-2022-5809)
181024 Debian Security Update for pcre2 (CVE-2022-1586)
181631 Debian Security Update for pcre2 (DLA 3363-1)
198955 Ubuntu Security Notification for PCRE Vulnerabilities (USN-5627-1)
20270 Oracle Database 21c Critical Patch Update - October 2022
20271 Oracle Database 19c Critical Patch Update - October 2022
20272 Oracle Database 19c Critical OJVM Patch Update - October 2022
240496 Red Hat Update for pcre2 (RHSA-2022:5251)
240583 Red Hat Update for pcre2 (RHSA-2022:5809)
282694 Fedora Security Update for pcre2 (FEDORA-2022-e56085ba31)
282765 Fedora Security Update for pcre2 (FEDORA-2022-a3edad0ab6)
282781 Fedora Security Update for mingw (FEDORA-2022-19f4c34184)
282783 Fedora Security Update for mingw (FEDORA-2022-9c9691d058)
354108 Amazon Linux Security Advisory for pcre2 : ALAS2-2022-1871
354322 Amazon Linux Security Advisory for pcre2 : ALAS2022-2022-191
354440 Amazon Linux Security Advisory for pcre2 : ALAS2022-2022-071
355113 Amazon Linux Security Advisory for pcre2 : ALAS2023-2023-045
377402 Alibaba Cloud Linux Security Update for pcre2 (ALINUX3-SA-2022:0149)
501468 Alpine Linux Security Update for pcre2
501988 Alpine Linux Security Update for pcre2
504277 Alpine Linux Security Update for pcre2
671872 EulerOS Security Update for pcre (EulerOS-SA-2022-1944)
671883 EulerOS Security Update for pcre2 (EulerOS-SA-2022-1945)
672035 EulerOS Security Update for pcre2 (EulerOS-SA-2022-2260)
672057 EulerOS Security Update for pcre2 (EulerOS-SA-2022-2247)
672066 EulerOS Security Update for pcre2 (EulerOS-SA-2022-2276)
672090 EulerOS Security Update for pcre2 (EulerOS-SA-2022-2301)
672120 EulerOS Security Update for pcre2 (EulerOS-SA-2022-2330)
752176 SUSE Enterprise Linux Security Update for pcre2 (SUSE-SU-2022:1836-1)
752187 SUSE Enterprise Linux Security Update for pcre2 (SUSE-SU-2022:1883-1)
752328 SUSE Enterprise Linux Security Update for pcre (SUSE-SU-2022:2334-1)
752338 SUSE Enterprise Linux Security Update for pcre2 (SUSE-SU-2022:2360-1)
752342 SUSE Enterprise Linux Security Update for pcre (SUSE-SU-2022:2361-1)
901995 Common Base Linux Mariner (CBL-Mariner) Security Update for pcre2 (9766)
902185 Common Base Linux Mariner (CBL-Mariner) Security Update for pcre2 (9766-1)
940610 AlmaLinux Security Update for pcre2 (ALSA-2022:5809)
960217 Rocky Linux Security Update for pcre2 (RLSA-2022:5809)
960486 Rocky Linux Security Update for pcre2 (RLSA-2022:5251)