CVE-2022-1587

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1587
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1587.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-1587
Downstream
Related
Published
2022-05-16T21:15:07Z
Modified
2025-09-19T13:32:34.872760Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength() function of the pcre2jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

References

Affected packages

Alpine:v3.13

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.36-r1

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0

Alpine:v3.14

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.36-r1

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0

Alpine:v3.15

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r0

Alpine:v3.16

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r0

Alpine:v3.17

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r0

Alpine:v3.18

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r0

Alpine:v3.19

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r0

Alpine:v3.20

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r0

Alpine:v3.21

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r0

Alpine:v3.22

pcre2

Package

Name
pcre2
Purl
pkg:apk/alpine/pcre2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.40-r0

Affected versions

10.*

10.21-r0
10.22-r0
10.23-r0
10.23-r1
10.30-r0
10.31-r0
10.32-r0
10.32-r1
10.32-r2
10.33-r0
10.34-r0
10.34-r1
10.35-r0
10.35-r1
10.36-r0
10.37-r0
10.38-r0
10.38-r1
10.39-r0

Git

github.com/pcre2project/pcre2

Affected ranges

Type
GIT
Repo
https://github.com/pcre2project/pcre2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
03654e751e7f0700693526b67dfcadda6b42c9d0

Affected versions

pcre2-10.*

pcre2-10.38
pcre2-10.38-RC1
pcre2-10.39

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2022-1587-0d5d5692",
            "signature_type": "Function",
            "target": {
                "file": "src/pcre2_jit_compile.c",
                "function": "jit_compile"
            },
            "digest": {
                "function_hash": "144767720101559416541748553680728635557",
                "length": 20446.0
            },
            "source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2022-1587-222685a2",
            "signature_type": "Line",
            "target": {
                "file": "src/pcre2_jit_test.c"
            },
            "digest": {
                "line_hashes": [
                    "22770279088752271375294352305580539938",
                    "222134500011686028817071952723209485997",
                    "272373479679973431417731673516034535409",
                    "317408866230594614840204148073823654591"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2022-1587-2d5d23f9",
            "signature_type": "Line",
            "target": {
                "file": "src/pcre2_jit_compile.c"
            },
            "digest": {
                "line_hashes": [
                    "274416707501941346751462617595098758703",
                    "241223988584682129471295631698289148133",
                    "305316648266531113083684165489558263309",
                    "112112069022578709329335095009439150685",
                    "47136223908362029738557867256244568644",
                    "241419782900917191028721326630266144309",
                    "245897185203905648146469239892109617890",
                    "118867319811990305476756826288604830495",
                    "175371106544585651500232018489900679658",
                    "181064202383780804354958659629152535902",
                    "315153019390217534807772685148661476364",
                    "327561686601939927091115107608878758746",
                    "163671706714996750865791541818246422254",
                    "321407101463315715581854423045574573979",
                    "70471318719963955919096922565959776077",
                    "56310596885994475402695948566871585144",
                    "198748668893901687650225279000673858560",
                    "309506680963990039267882302469391956422",
                    "233609030856371122245788674250380511193",
                    "206593034728511358354466138818125498682",
                    "288277529620329058159314571603952388297",
                    "78424162418329870549138762076740963983",
                    "277317409832381285800131816036562179929",
                    "328781866164937586680283946143008127710",
                    "64840516204990396532759333149714718346",
                    "31057074899027615834048156819338335454",
                    "83887443727228173948462465432303291348",
                    "275306530965509656904578373404101068679",
                    "71117089507313280588323548923287656788",
                    "212479571026810859178437777802852454083",
                    "217838493276811222551346522365460446272",
                    "312625130051287086470544182558787049480",
                    "226385621869845832835114295686736972300",
                    "163357324628635447642472778256563131064",
                    "22618487967061312389905930369045685136",
                    "301324814186663674657083352167152110230",
                    "63813265983240703237493299296260886328",
                    "315742396632096033338333246559455490065",
                    "282955686008572440532155850585577123550",
                    "91702411241396978769273136005953590499",
                    "265728517666840370164651483457637202074",
                    "67278300453863980822361142957831206714",
                    "146109713661758136487413592357049088578",
                    "275403323607581949990716030696757054039",
                    "150243045963920327499996604362478252409",
                    "18223225682419661569269925143449396026",
                    "266647934952098586600544806264876582635",
                    "43542426931680669906568637552986738432",
                    "328131003192128434846477218268189979756",
                    "207752967622967930330789677978520750285",
                    "77038580504235552172789196351563349955",
                    "198096475767048892576003095339051098270",
                    "171547334348571908995422886361956092782",
                    "173119944821567567083555907680074828119",
                    "194486582898879843978877433811805695788",
                    "125084784436939224629143081103522014964",
                    "113842805933222227620757571831444854649",
                    "314396152064646696905071936639958476724",
                    "4019136111580684534616365766421922318",
                    "155708276286817564501696623966161225080",
                    "193823712465266879279168902196083195876",
                    "280186348010346293034004327012718784708",
                    "17674045146336214781160450326441020750",
                    "21798932179167161010350974668251600654",
                    "293003872430998814878349021439085570793",
                    "191074702422601450055153453026689618104",
                    "239748055859317907846355851347844119772",
                    "334743665649209032576655053453472541002",
                    "43315810599448911777011676657398261861",
                    "29176029171165179175941451104845368667",
                    "270735988460359135413725801033058473086",
                    "252923857116304504621195679023580531258",
                    "167584016641615292396323944460694101553",
                    "1036232751915561580017256658752355825",
                    "86636951822371231592083009432691738973",
                    "59067871333770559389461862082595331687",
                    "17391970179210422682193536664524917773",
                    "57027584747834122068579037526739618082",
                    "138821986858172190633335976978216804971",
                    "142292026740597156924464814657645187839",
                    "99837064260100053863291721236378590254",
                    "37195796200264247278306577683475239704",
                    "280122732276905478931058963977413361151",
                    "6365760295817349520628588810078423231",
                    "127751891121676274985440530623418040877",
                    "132554007948358831623606149672237803993",
                    "126017382125708070387745704454716561617",
                    "70686255266376032006346629090802701711",
                    "264775816203402755302079320456366590562",
                    "74846494277512377494203537628535425453",
                    "193086404611479186857831746153914550540",
                    "70160548519337098131680183607238969229",
                    "289098464470538228632642975581469926080",
                    "112188558824981060654305365941510028258",
                    "223364015751443607185919670478896317944",
                    "31338813374234187254730936642317954975",
                    "244234627015224967584607896098249318977",
                    "84016425146956144532658612885199891413",
                    "216873189805676917910215038476145317363",
                    "311300679691201707483073326606934850483",
                    "173008265745316467471760750442085711558",
                    "32744126362161338518650817689846349027",
                    "330369769037741647422597294177069217515",
                    "56310596885994475402695948566871585144",
                    "198748668893901687650225279000673858560",
                    "309506680963990039267882302469391956422",
                    "233609030856371122245788674250380511193",
                    "141601519714803729208297050571178711733",
                    "193462679068034245890175265581593667834",
                    "23389199830853739772010389748677816266",
                    "240461048916311919662880421188478940777",
                    "552736074187606100726853450164012880",
                    "178657482444163250499670517553510911989",
                    "104584285457702090357813540338737702075",
                    "95573765655324539150834969747685187767",
                    "115372892579135990288499242263934049247",
                    "37131223708396850884636193091132884496",
                    "23159105919621149931361119521971387304",
                    "110732173987713588263993947609319409422",
                    "198244671379079456798953629959433858301",
                    "266082680706631425822819071153978181995",
                    "278122147483868278787215885956289799758",
                    "95573765655324539150834969747685187767",
                    "115372892579135990288499242263934049247",
                    "305269812380198575282052167187428627601",
                    "74686006567136055606803950029034091448",
                    "96965252061332702900675404447303599992",
                    "278227639435177190498920694234819354121",
                    "272456627220553797732244400540860429759",
                    "65721829845774053053635650373409560595",
                    "13305865168690599753569804574739071029",
                    "314748854185399324895723520216261273134",
                    "12163909007807398655467064503418110888",
                    "34271638157525374989794712997700909296",
                    "284177421336861119533440666895281154260",
                    "166118825714456645341148221804424531504",
                    "313730127933391304254195710332046337164",
                    "6927836353878874770151214591377619470",
                    "139949401987775037640865989097040578239",
                    "287210971662804019412679847143732556865",
                    "64840516204990396532759333149714718346",
                    "31057074899027615834048156819338335454",
                    "210175781343285616442944072414702785522",
                    "190990779884844772668932374974939742172",
                    "51234271597997709828489948292456730242",
                    "221316147233118695697678816651029034632",
                    "230950525401257582291408971875688317421",
                    "103203604465409768471572860928597269262",
                    "166601619703103668531954341251312786221",
                    "232941187911465219956611415942465062134",
                    "36348659966026320885244798239089657175",
                    "5972211797397301223625829818344577190",
                    "301324814186663674657083352167152110230",
                    "216428124749544429107250103675378770701",
                    "29513769272208306529498152785441918383",
                    "26842743883217847678533777205254503292",
                    "25540258592408176782969272161222137327",
                    "52203699507740615916099452458088416842",
                    "310044171933279455555154523841912435078",
                    "45034080282755228890738258311461579071",
                    "10139703439747147875103529988308543363",
                    "29203307361408404505034149482932181721",
                    "264723822127150722765085657934707553984",
                    "171190489747874407823961439777251351655",
                    "47103840875616119044196617119830330256",
                    "17414747671541115711672049272921522985",
                    "28149682684266176130258862086232708332",
                    "30830641414972916279997630938733054767",
                    "47416935469419808169552314106912933375",
                    "209924244811845737572367150673452272231",
                    "201464381036386285362192710123740493894",
                    "150243045963920327499996604362478252409",
                    "337774913115773518283502279651914575762",
                    "252738008568438574928822133505907363703",
                    "330708112756346518362800896598572558613",
                    "25540258592408176782969272161222137327",
                    "52203699507740615916099452458088416842",
                    "310044171933279455555154523841912435078",
                    "45034080282755228890738258311461579071",
                    "10139703439747147875103529988308543363",
                    "29203307361408404505034149482932181721",
                    "264723822127150722765085657934707553984",
                    "211014809668707982238675705431089127227",
                    "238808367958000239108289260640223661593",
                    "170229245590703461988295806579109475552",
                    "334348010946665217301522557038470484152",
                    "71014230789069605489257993770505057692",
                    "83688323397527392101455483897635531879",
                    "324512397269549261380865312888749582175",
                    "118329891627146691694717969740255877540",
                    "200568708545250015840003349089424206387",
                    "60121424850026073270391083310702887840",
                    "188224080374970914538944611733850272782",
                    "332228745059307843107175675122291360663",
                    "279774083668173902725770176769883165998",
                    "57095314319135237801949311478969801700",
                    "260149040334591414395038398660458343238",
                    "144577851708665158585741086962240099363",
                    "200568708545250015840003349089424206387",
                    "300070889728830793676710375545737359834",
                    "127350909791598351338913338419998902640",
                    "276973740032826563612576089713648956472",
                    "109290780407182252501969303899800854821",
                    "16732127983839853542095147669290188048",
                    "328647861905511315744008295969525039410",
                    "14807847219646584801500782653188920458",
                    "316651093969231725365407489849317188384",
                    "71235043150255781947680101258299089693",
                    "117833033096302184839071211798791849802",
                    "128093657657882147647359730331836081994",
                    "148670771505541403062687531050135348041",
                    "142273079738865715731310941492828478829",
                    "164669997689179338435168003768942654958",
                    "14807847219646584801500782653188920458",
                    "316651093969231725365407489849317188384",
                    "71235043150255781947680101258299089693",
                    "213217905876195562325279567294234793070",
                    "21695819657715141846194326594545141179",
                    "93102377033147777018091225618931638951",
                    "325434840580167794235158203326625343715",
                    "96291906872018583565392135501610074271",
                    "144577851708665158585741086962240099363",
                    "200568708545250015840003349089424206387",
                    "161762009819551607828611892994482913597",
                    "126436863146669774499820426149723814398",
                    "141075159050225483678134676030253818450",
                    "271351177495966166689060325846103529474",
                    "203033305648240597096605959245106607347",
                    "222118342667723770249794176661039517994",
                    "14807847219646584801500782653188920458",
                    "267724286042131330382608471418014885276",
                    "252893387217133802473897183409211169419",
                    "93981980918137624338464644534381048399",
                    "302855254290117502159563226363460934034",
                    "300177241684087414038913320656607992148",
                    "33483281267979523898572929907164910282",
                    "183006988982331968757980124736266187924",
                    "50808693202173308008836245638289408252",
                    "14807847219646584801500782653188920458",
                    "267724286042131330382608471418014885276",
                    "252893387217133802473897183409211169419",
                    "47005377473302114301473572766926238766",
                    "173362648623996393670830268804266275564",
                    "162493702861489843141206591717041035475",
                    "305651490174339192265308497159484206650",
                    "170342132042329110419687175931644285163",
                    "275060094346331986403886198650318091820",
                    "72128767768986603128782236179355766418",
                    "270070158518408736836980199820570605108",
                    "254702936844691124138362131398565207567",
                    "232336754640342442505055671050194701231",
                    "49939356470873161086909914603761057594",
                    "186140142423975171583130267571611642874",
                    "122432486445540139857385769243647234388",
                    "186049360056010748211949098400791378849",
                    "326137827553991641469726873023409241551",
                    "331588927252650377135332752992055272079",
                    "192480965118775347228569680398204005981",
                    "17805376944305659363614744010100784747",
                    "327595583743961497918834073463250511429",
                    "306083135721835700936676567213115077042",
                    "76654310781426562591275365888822059701",
                    "333460130677704106093128960370966490802",
                    "215507206841305373594935974979407362157",
                    "337570314552981900140133824600337406061",
                    "313750004004499453889667411323370015174",
                    "128933100504569133455888604841029247391",
                    "243884687540292126979583989920331294756",
                    "172931875279579615435113058575661417686",
                    "217123804117311640561116782776985084383",
                    "270524943502214931139841744299355386187",
                    "236919519569941156647398054382500777509",
                    "139307261133406361847381993511290872301",
                    "215507206841305373594935974979407362157",
                    "337570314552981900140133824600337406061",
                    "240830584477700584765383787558720413175",
                    "293025906598161832433862299212349192040",
                    "274564330171951590035568346053833878151",
                    "68060443363934126818593360008873958825",
                    "31410337861373165128909685750045635476",
                    "87800783824638748579087031284622848283",
                    "294546500852775247338817610194734813590",
                    "139985692968207560939585070651544135955",
                    "216854071763131496308312160602618104308",
                    "173666500299023196024802697053821990146",
                    "295796680345916905090490345464268099122",
                    "267384489025648968689996377945153501260",
                    "297991683014089418667389856976786155847",
                    "10642629441311529544718810601755942680",
                    "182429506453893620538221748760448673215",
                    "64615873354124283741329403787566749920",
                    "113321477457189377167272507318470731930",
                    "318895791421909273800022995466419452903",
                    "76186931680521137014287346719797280900",
                    "266054451084578792846055616398190694191",
                    "48388782207253823970028310197894939334",
                    "223440727826030472996816360867831811631",
                    "121475699892725864973675686804393754530",
                    "219363670665595438402761917900705436986",
                    "33490781458634018264935597360999477379",
                    "225961593346319315188628521419743059821",
                    "28996266794856780930047361934347051774",
                    "321806923441710288118603276508292653885",
                    "162450894684655437840056151127644913053"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2022-1587-5bec89bb",
            "signature_type": "Function",
            "target": {
                "file": "src/pcre2_jit_compile.c",
                "function": "copy_recurse_data"
            },
            "digest": {
                "function_hash": "315632375791619107257374727559463357700",
                "length": 8524.0
            },
            "source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2022-1587-8b025b96",
            "signature_type": "Function",
            "target": {
                "file": "src/pcre2_jit_compile.c",
                "function": "get_recurse_data_length"
            },
            "digest": {
                "function_hash": "110581084567844379628282365240369689460",
                "length": 3942.0
            },
            "source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
            "signature_version": "v1",
            "deprecated": false
        }
    ]
}