CVE-2022-1587
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-1587
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1587.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-1587
- Downstream
- Related
- Published
- 2022-05-16T21:15:07Z
- Modified
- 2025-10-15T13:35:49.410818Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength() function of the pcre2jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
- References
-
- https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- https://security.netapp.com/advisory/ntap-20221028-0009/
- https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C
- https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
Affected packages
Git / github.com/pcre2project/pcre2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pcre2project/pcre2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"id": "CVE-2022-1587-0d5d5692",
"source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "jit_compile",
"file": "src/pcre2_jit_compile.c"
},
"digest": {
"function_hash": "144767720101559416541748553680728635557",
"length": 20446.0
}
},
{
"signature_type": "Line",
"id": "CVE-2022-1587-222685a2",
"source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/pcre2_jit_test.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"22770279088752271375294352305580539938",
"222134500011686028817071952723209485997",
"272373479679973431417731673516034535409",
"317408866230594614840204148073823654591"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2022-1587-2d5d23f9",
"source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/pcre2_jit_compile.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"274416707501941346751462617595098758703",
"241223988584682129471295631698289148133",
"305316648266531113083684165489558263309",
"112112069022578709329335095009439150685",
"47136223908362029738557867256244568644",
"241419782900917191028721326630266144309",
"245897185203905648146469239892109617890",
"118867319811990305476756826288604830495",
"175371106544585651500232018489900679658",
"181064202383780804354958659629152535902",
"315153019390217534807772685148661476364",
"327561686601939927091115107608878758746",
"163671706714996750865791541818246422254",
"321407101463315715581854423045574573979",
"70471318719963955919096922565959776077",
"56310596885994475402695948566871585144",
"198748668893901687650225279000673858560",
"309506680963990039267882302469391956422",
"233609030856371122245788674250380511193",
"206593034728511358354466138818125498682",
"288277529620329058159314571603952388297",
"78424162418329870549138762076740963983",
"277317409832381285800131816036562179929",
"328781866164937586680283946143008127710",
"64840516204990396532759333149714718346",
"31057074899027615834048156819338335454",
"83887443727228173948462465432303291348",
"275306530965509656904578373404101068679",
"71117089507313280588323548923287656788",
"212479571026810859178437777802852454083",
"217838493276811222551346522365460446272",
"312625130051287086470544182558787049480",
"226385621869845832835114295686736972300",
"163357324628635447642472778256563131064",
"22618487967061312389905930369045685136",
"301324814186663674657083352167152110230",
"63813265983240703237493299296260886328",
"315742396632096033338333246559455490065",
"282955686008572440532155850585577123550",
"91702411241396978769273136005953590499",
"265728517666840370164651483457637202074",
"67278300453863980822361142957831206714",
"146109713661758136487413592357049088578",
"275403323607581949990716030696757054039",
"150243045963920327499996604362478252409",
"18223225682419661569269925143449396026",
"266647934952098586600544806264876582635",
"43542426931680669906568637552986738432",
"328131003192128434846477218268189979756",
"207752967622967930330789677978520750285",
"77038580504235552172789196351563349955",
"198096475767048892576003095339051098270",
"171547334348571908995422886361956092782",
"173119944821567567083555907680074828119",
"194486582898879843978877433811805695788",
"125084784436939224629143081103522014964",
"113842805933222227620757571831444854649",
"314396152064646696905071936639958476724",
"4019136111580684534616365766421922318",
"155708276286817564501696623966161225080",
"193823712465266879279168902196083195876",
"280186348010346293034004327012718784708",
"17674045146336214781160450326441020750",
"21798932179167161010350974668251600654",
"293003872430998814878349021439085570793",
"191074702422601450055153453026689618104",
"239748055859317907846355851347844119772",
"334743665649209032576655053453472541002",
"43315810599448911777011676657398261861",
"29176029171165179175941451104845368667",
"270735988460359135413725801033058473086",
"252923857116304504621195679023580531258",
"167584016641615292396323944460694101553",
"1036232751915561580017256658752355825",
"86636951822371231592083009432691738973",
"59067871333770559389461862082595331687",
"17391970179210422682193536664524917773",
"57027584747834122068579037526739618082",
"138821986858172190633335976978216804971",
"142292026740597156924464814657645187839",
"99837064260100053863291721236378590254",
"37195796200264247278306577683475239704",
"280122732276905478931058963977413361151",
"6365760295817349520628588810078423231",
"127751891121676274985440530623418040877",
"132554007948358831623606149672237803993",
"126017382125708070387745704454716561617",
"70686255266376032006346629090802701711",
"264775816203402755302079320456366590562",
"74846494277512377494203537628535425453",
"193086404611479186857831746153914550540",
"70160548519337098131680183607238969229",
"289098464470538228632642975581469926080",
"112188558824981060654305365941510028258",
"223364015751443607185919670478896317944",
"31338813374234187254730936642317954975",
"244234627015224967584607896098249318977",
"84016425146956144532658612885199891413",
"216873189805676917910215038476145317363",
"311300679691201707483073326606934850483",
"173008265745316467471760750442085711558",
"32744126362161338518650817689846349027",
"330369769037741647422597294177069217515",
"56310596885994475402695948566871585144",
"198748668893901687650225279000673858560",
"309506680963990039267882302469391956422",
"233609030856371122245788674250380511193",
"141601519714803729208297050571178711733",
"193462679068034245890175265581593667834",
"23389199830853739772010389748677816266",
"240461048916311919662880421188478940777",
"552736074187606100726853450164012880",
"178657482444163250499670517553510911989",
"104584285457702090357813540338737702075",
"95573765655324539150834969747685187767",
"115372892579135990288499242263934049247",
"37131223708396850884636193091132884496",
"23159105919621149931361119521971387304",
"110732173987713588263993947609319409422",
"198244671379079456798953629959433858301",
"266082680706631425822819071153978181995",
"278122147483868278787215885956289799758",
"95573765655324539150834969747685187767",
"115372892579135990288499242263934049247",
"305269812380198575282052167187428627601",
"74686006567136055606803950029034091448",
"96965252061332702900675404447303599992",
"278227639435177190498920694234819354121",
"272456627220553797732244400540860429759",
"65721829845774053053635650373409560595",
"13305865168690599753569804574739071029",
"314748854185399324895723520216261273134",
"12163909007807398655467064503418110888",
"34271638157525374989794712997700909296",
"284177421336861119533440666895281154260",
"166118825714456645341148221804424531504",
"313730127933391304254195710332046337164",
"6927836353878874770151214591377619470",
"139949401987775037640865989097040578239",
"287210971662804019412679847143732556865",
"64840516204990396532759333149714718346",
"31057074899027615834048156819338335454",
"210175781343285616442944072414702785522",
"190990779884844772668932374974939742172",
"51234271597997709828489948292456730242",
"221316147233118695697678816651029034632",
"230950525401257582291408971875688317421",
"103203604465409768471572860928597269262",
"166601619703103668531954341251312786221",
"232941187911465219956611415942465062134",
"36348659966026320885244798239089657175",
"5972211797397301223625829818344577190",
"301324814186663674657083352167152110230",
"216428124749544429107250103675378770701",
"29513769272208306529498152785441918383",
"26842743883217847678533777205254503292",
"25540258592408176782969272161222137327",
"52203699507740615916099452458088416842",
"310044171933279455555154523841912435078",
"45034080282755228890738258311461579071",
"10139703439747147875103529988308543363",
"29203307361408404505034149482932181721",
"264723822127150722765085657934707553984",
"171190489747874407823961439777251351655",
"47103840875616119044196617119830330256",
"17414747671541115711672049272921522985",
"28149682684266176130258862086232708332",
"30830641414972916279997630938733054767",
"47416935469419808169552314106912933375",
"209924244811845737572367150673452272231",
"201464381036386285362192710123740493894",
"150243045963920327499996604362478252409",
"337774913115773518283502279651914575762",
"252738008568438574928822133505907363703",
"330708112756346518362800896598572558613",
"25540258592408176782969272161222137327",
"52203699507740615916099452458088416842",
"310044171933279455555154523841912435078",
"45034080282755228890738258311461579071",
"10139703439747147875103529988308543363",
"29203307361408404505034149482932181721",
"264723822127150722765085657934707553984",
"211014809668707982238675705431089127227",
"238808367958000239108289260640223661593",
"170229245590703461988295806579109475552",
"334348010946665217301522557038470484152",
"71014230789069605489257993770505057692",
"83688323397527392101455483897635531879",
"324512397269549261380865312888749582175",
"118329891627146691694717969740255877540",
"200568708545250015840003349089424206387",
"60121424850026073270391083310702887840",
"188224080374970914538944611733850272782",
"332228745059307843107175675122291360663",
"279774083668173902725770176769883165998",
"57095314319135237801949311478969801700",
"260149040334591414395038398660458343238",
"144577851708665158585741086962240099363",
"200568708545250015840003349089424206387",
"300070889728830793676710375545737359834",
"127350909791598351338913338419998902640",
"276973740032826563612576089713648956472",
"109290780407182252501969303899800854821",
"16732127983839853542095147669290188048",
"328647861905511315744008295969525039410",
"14807847219646584801500782653188920458",
"316651093969231725365407489849317188384",
"71235043150255781947680101258299089693",
"117833033096302184839071211798791849802",
"128093657657882147647359730331836081994",
"148670771505541403062687531050135348041",
"142273079738865715731310941492828478829",
"164669997689179338435168003768942654958",
"14807847219646584801500782653188920458",
"316651093969231725365407489849317188384",
"71235043150255781947680101258299089693",
"213217905876195562325279567294234793070",
"21695819657715141846194326594545141179",
"93102377033147777018091225618931638951",
"325434840580167794235158203326625343715",
"96291906872018583565392135501610074271",
"144577851708665158585741086962240099363",
"200568708545250015840003349089424206387",
"161762009819551607828611892994482913597",
"126436863146669774499820426149723814398",
"141075159050225483678134676030253818450",
"271351177495966166689060325846103529474",
"203033305648240597096605959245106607347",
"222118342667723770249794176661039517994",
"14807847219646584801500782653188920458",
"267724286042131330382608471418014885276",
"252893387217133802473897183409211169419",
"93981980918137624338464644534381048399",
"302855254290117502159563226363460934034",
"300177241684087414038913320656607992148",
"33483281267979523898572929907164910282",
"183006988982331968757980124736266187924",
"50808693202173308008836245638289408252",
"14807847219646584801500782653188920458",
"267724286042131330382608471418014885276",
"252893387217133802473897183409211169419",
"47005377473302114301473572766926238766",
"173362648623996393670830268804266275564",
"162493702861489843141206591717041035475",
"305651490174339192265308497159484206650",
"170342132042329110419687175931644285163",
"275060094346331986403886198650318091820",
"72128767768986603128782236179355766418",
"270070158518408736836980199820570605108",
"254702936844691124138362131398565207567",
"232336754640342442505055671050194701231",
"49939356470873161086909914603761057594",
"186140142423975171583130267571611642874",
"122432486445540139857385769243647234388",
"186049360056010748211949098400791378849",
"326137827553991641469726873023409241551",
"331588927252650377135332752992055272079",
"192480965118775347228569680398204005981",
"17805376944305659363614744010100784747",
"327595583743961497918834073463250511429",
"306083135721835700936676567213115077042",
"76654310781426562591275365888822059701",
"333460130677704106093128960370966490802",
"215507206841305373594935974979407362157",
"337570314552981900140133824600337406061",
"313750004004499453889667411323370015174",
"128933100504569133455888604841029247391",
"243884687540292126979583989920331294756",
"172931875279579615435113058575661417686",
"217123804117311640561116782776985084383",
"270524943502214931139841744299355386187",
"236919519569941156647398054382500777509",
"139307261133406361847381993511290872301",
"215507206841305373594935974979407362157",
"337570314552981900140133824600337406061",
"240830584477700584765383787558720413175",
"293025906598161832433862299212349192040",
"274564330171951590035568346053833878151",
"68060443363934126818593360008873958825",
"31410337861373165128909685750045635476",
"87800783824638748579087031284622848283",
"294546500852775247338817610194734813590",
"139985692968207560939585070651544135955",
"216854071763131496308312160602618104308",
"173666500299023196024802697053821990146",
"295796680345916905090490345464268099122",
"267384489025648968689996377945153501260",
"297991683014089418667389856976786155847",
"10642629441311529544718810601755942680",
"182429506453893620538221748760448673215",
"64615873354124283741329403787566749920",
"113321477457189377167272507318470731930",
"318895791421909273800022995466419452903",
"76186931680521137014287346719797280900",
"266054451084578792846055616398190694191",
"48388782207253823970028310197894939334",
"223440727826030472996816360867831811631",
"121475699892725864973675686804393754530",
"219363670665595438402761917900705436986",
"33490781458634018264935597360999477379",
"225961593346319315188628521419743059821",
"28996266794856780930047361934347051774",
"321806923441710288118603276508292653885",
"162450894684655437840056151127644913053"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2022-1587-5bec89bb",
"source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "copy_recurse_data",
"file": "src/pcre2_jit_compile.c"
},
"digest": {
"function_hash": "315632375791619107257374727559463357700",
"length": 8524.0
}
},
{
"signature_type": "Function",
"id": "CVE-2022-1587-8b025b96",
"source": "https://github.com/pcre2project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "get_recurse_data_length",
"file": "src/pcre2_jit_compile.c"
},
"digest": {
"function_hash": "110581084567844379628282365240369689460",
"length": 3942.0
}
}
]