Description
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 13 | | =10.45-1 || >=0 <10.46-1~deb13u1 | 10.46-1~deb13u1 |
debian 14 | | =10.45-1 || =10.46-1~deb13u1 || >=0 <10.46-1 | 10.46-1 |
 alpine v3.22 | | =10.21-r0 || =10.22-r0 || =10.23-r0 || =10.23-r1 || =10.30-r0 || =10.31-r0 || =10.32-r0 || =10.32-r1 || =10.32-r2 || =10.33-r0 || =10.34-r0 || =10.34-r1 || =10.35-r0 || =10.35-r1 || =10.36-r0 || =10.37-r0 || =10.38-r0 || =10.38-r1 || =10.39-r0 || =10.40-r0 || =10.41-r0 || =10.41-r1 || =10.42-r0 || =10.42-r1 || =10.42-r2 || =10.42-r3 || =10.43-r0 || =10.43-r1 || =10.45-r0 || >=0 <10.46-r0 | 10.46-r0 |
alpine v3.23 | | =10.21-r0 || =10.22-r0 || =10.23-r0 || =10.23-r1 || =10.30-r0 || =10.31-r0 || =10.32-r0 || =10.32-r1 || =10.32-r2 || =10.33-r0 || =10.34-r0 || =10.34-r1 || =10.35-r0 || =10.35-r1 || =10.36-r0 || =10.37-r0 || =10.38-r0 || =10.38-r1 || =10.39-r0 || =10.40-r0 || =10.41-r0 || =10.41-r1 || =10.42-r0 || =10.42-r1 || =10.42-r2 || =10.42-r3 || =10.43-r0 || =10.43-r1 || =10.45-r0 || >=0 <10.46-r0 | 10.46-r0 |
