Fluid Attacks Database

Description

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.18	pcre2	=10.21-r0 \|\| =10.22-r0 \|\| =10.23-r0 \|\| =10.23-r1 \|\| =10.30-r0 \|\| =10.31-r0 \|\| =10.32-r0 \|\| =10.32-r1 \|\| =10.32-r2 \|\| =10.33-r0 \|\| =10.34-r0 \|\| =10.34-r1 \|\| =10.35-r0 \|\| =10.35-r1 \|\| =10.36-r0 \|\| =10.37-r0 \|\| =10.38-r0 \|\| =10.38-r1 \|\| =10.39-r0 \|\| >=0 <10.40-r0	10.40-r0
alpine v3.22	pcre2	=10.21-r0 \|\| =10.22-r0 \|\| =10.23-r0 \|\| =10.23-r1 \|\| =10.30-r0 \|\| =10.31-r0 \|\| =10.32-r0 \|\| =10.32-r1 \|\| =10.32-r2 \|\| =10.33-r0 \|\| =10.34-r0 \|\| =10.34-r1 \|\| =10.35-r0 \|\| =10.35-r1 \|\| =10.36-r0 \|\| =10.37-r0 \|\| =10.38-r0 \|\| =10.38-r1 \|\| =10.39-r0 \|\| >=0 <10.40-r0	10.40-r0
debian 14	pcre2	>=0 <10.40-1	10.40-1
alpine v3.13	pcre2	=10.21-r0 \|\| =10.22-r0 \|\| =10.23-r0 \|\| =10.23-r1 \|\| =10.30-r0 \|\| =10.31-r0 \|\| =10.32-r0 \|\| =10.32-r1 \|\| =10.32-r2 \|\| =10.33-r0 \|\| =10.34-r0 \|\| =10.34-r1 \|\| =10.35-r0 \|\| =10.35-r1 \|\| =10.36-r0 \|\| >=0 <10.36-r1	10.36-r1
alpine v3.14	pcre2	=10.21-r0 \|\| =10.22-r0 \|\| =10.23-r0 \|\| =10.23-r1 \|\| =10.30-r0 \|\| =10.31-r0 \|\| =10.32-r0 \|\| =10.32-r1 \|\| =10.32-r2 \|\| =10.33-r0 \|\| =10.34-r0 \|\| =10.34-r1 \|\| =10.35-r0 \|\| =10.35-r1 \|\| =10.36-r0 \|\| >=0 <10.36-r1	10.36-r1
alpine v3.15	pcre2	=10.21-r0 \|\| =10.22-r0 \|\| =10.23-r0 \|\| =10.23-r1 \|\| =10.30-r0 \|\| =10.31-r0 \|\| =10.32-r0 \|\| =10.32-r1 \|\| =10.32-r2 \|\| =10.33-r0 \|\| =10.34-r0 \|\| =10.34-r1 \|\| =10.35-r0 \|\| =10.35-r1 \|\| =10.36-r0 \|\| =10.37-r0 \|\| =10.38-r0 \|\| =10.38-r1 \|\| =10.39-r0 \|\| >=0 <10.40-r0	10.40-r0
alpine v3.16	pcre2	=10.21-r0 \|\| =10.22-r0 \|\| =10.23-r0 \|\| =10.23-r1 \|\| =10.30-r0 \|\| =10.31-r0 \|\| =10.32-r0 \|\| =10.32-r1 \|\| =10.32-r2 \|\| =10.33-r0 \|\| =10.34-r0 \|\| =10.34-r1 \|\| =10.35-r0 \|\| =10.35-r1 \|\| =10.36-r0 \|\| =10.37-r0 \|\| =10.38-r0 \|\| =10.38-r1 \|\| =10.39-r0 \|\| >=0 <10.40-r0	10.40-r0
alpine v3.17	pcre2	=10.21-r0 \|\| =10.22-r0 \|\| =10.23-r0 \|\| =10.23-r1 \|\| =10.30-r0 \|\| =10.31-r0 \|\| =10.32-r0 \|\| =10.32-r1 \|\| =10.32-r2 \|\| =10.33-r0 \|\| =10.34-r0 \|\| =10.34-r1 \|\| =10.35-r0 \|\| =10.35-r1 \|\| =10.36-r0 \|\| =10.37-r0 \|\| =10.38-r0 \|\| =10.38-r1 \|\| =10.39-r0 \|\| >=0 <10.40-r0	10.40-r0
alpine v3.19	pcre2	=10.21-r0 \|\| =10.22-r0 \|\| =10.23-r0 \|\| =10.23-r1 \|\| =10.30-r0 \|\| =10.31-r0 \|\| =10.32-r0 \|\| =10.32-r1 \|\| =10.32-r2 \|\| =10.33-r0 \|\| =10.34-r0 \|\| =10.34-r1 \|\| =10.35-r0 \|\| =10.35-r1 \|\| =10.36-r0 \|\| =10.37-r0 \|\| =10.38-r0 \|\| =10.38-r1 \|\| =10.39-r0 \|\| >=0 <10.40-r0	10.40-r0
alpine v3.20	pcre2	=10.21-r0 \|\| =10.22-r0 \|\| =10.23-r0 \|\| =10.23-r1 \|\| =10.30-r0 \|\| =10.31-r0 \|\| =10.32-r0 \|\| =10.32-r1 \|\| =10.32-r2 \|\| =10.33-r0 \|\| =10.34-r0 \|\| =10.34-r1 \|\| =10.35-r0 \|\| =10.35-r1 \|\| =10.36-r0 \|\| =10.37-r0 \|\| =10.38-r0 \|\| =10.38-r1 \|\| =10.39-r0 \|\| >=0 <10.40-r0	10.40-r0

1-10 of 17

Aliases

1. CVE-2022-15862. NVD-2022-15863. OSV-ALPINE-2022-15864. OSV-2022-15865. OSV-DEBIAN-2022-15866. SECURITY-CVE-2022-15867. SECURITY-TRACKER-CVE-2022-1586

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.