OESA-2022-1686
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1686
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1686.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2022-1686
- Upstream
- Published
- 2022-06-02T11:03:50Z
- Modified
- 2025-08-12T05:11:35.403548Z
- Summary
- pcre2 security update
- Details
-
PCRE2 is a re-working of the original PCRE1 library to provide an entirely new API. Since its initial release in 2015, there has been further development of the code and it now differs from PCRE1 in more than just the API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which processes strings of 16-bit values, and one for the 32-bit library, which processes strings of 32-bit values. Unlike PCRE1, there are no C++ wrappers.
Security Fix(es):
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath() function of the pcre2jitcompile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.(CVE-2022-1586)
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength() function of the pcre2jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.(CVE-2022-1587)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS-SP1 / pcre2
Package
- Name
- pcre2
- Purl
- pkg:rpm/openEuler/pcre2&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.35-2.oe1
Ecosystem specific
{
"aarch64": [
"pcre2-10.35-2.oe1.aarch64.rpm",
"pcre2-devel-10.35-2.oe1.aarch64.rpm",
"pcre2-debugsource-10.35-2.oe1.aarch64.rpm",
"pcre2-debuginfo-10.35-2.oe1.aarch64.rpm"
],
"noarch": [
"pcre2-help-10.35-2.oe1.noarch.rpm"
],
"x86_64": [
"pcre2-10.35-2.oe1.x86_64.rpm",
"pcre2-debuginfo-10.35-2.oe1.x86_64.rpm",
"pcre2-devel-10.35-2.oe1.x86_64.rpm",
"pcre2-debugsource-10.35-2.oe1.x86_64.rpm"
],
"src": [
"pcre2-10.35-2.oe1.src.rpm"
]
}
openEuler:20.03-LTS-SP3 / pcre2
Package
- Name
- pcre2
- Purl
- pkg:rpm/openEuler/pcre2&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.35-2.oe1
Ecosystem specific
{
"aarch64": [
"pcre2-debuginfo-10.35-2.oe1.aarch64.rpm",
"pcre2-debugsource-10.35-2.oe1.aarch64.rpm",
"pcre2-devel-10.35-2.oe1.aarch64.rpm",
"pcre2-10.35-2.oe1.aarch64.rpm"
],
"noarch": [
"pcre2-help-10.35-2.oe1.noarch.rpm"
],
"x86_64": [
"pcre2-debugsource-10.35-2.oe1.x86_64.rpm",
"pcre2-10.35-2.oe1.x86_64.rpm",
"pcre2-devel-10.35-2.oe1.x86_64.rpm",
"pcre2-debuginfo-10.35-2.oe1.x86_64.rpm"
],
"src": [
"pcre2-10.35-2.oe1.src.rpm"
]
}
openEuler:22.03-LTS / pcre2
Package
- Name
- pcre2
- Purl
- pkg:rpm/openEuler/pcre2&distro=openEuler-22.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.39-2.oe2203
Ecosystem specific
{
"aarch64": [
"pcre2-debuginfo-10.39-2.oe2203.aarch64.rpm",
"pcre2-debugsource-10.39-2.oe2203.aarch64.rpm",
"pcre2-10.39-2.oe2203.aarch64.rpm",
"pcre2-devel-10.39-2.oe2203.aarch64.rpm"
],
"noarch": [
"pcre2-help-10.39-2.oe2203.noarch.rpm"
],
"x86_64": [
"pcre2-10.39-2.oe2203.x86_64.rpm",
"pcre2-devel-10.39-2.oe2203.x86_64.rpm",
"pcre2-debugsource-10.39-2.oe2203.x86_64.rpm",
"pcre2-debuginfo-10.39-2.oe2203.x86_64.rpm"
],
"src": [
"pcre2-10.39-2.oe2203.src.rpm"
]
}