CLSA-2026-1777454082 pcre2: Fix of 2 CVEs

CVE-2022-1586: fix out-of-bounds read in JIT compilexclassmatchingpath - CVE-2022-41409: diagnose negative repeat value in pcre2test...

OSV-2026-145 Heap-buffer-overflow in pcre2_compile_32

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=478301105 Crash type: Heap-buffer-overflow WRITE 4 Crash state: pcre2compile32 pcre2fuzzsupport.c...

MiracleLinux 9 : pcre2-10.37-5.el9 (AXSA:2022-3985:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3985:02 advisory. pcre2: Out-of-bounds read in compilexclassmatchingpath in pcre2jitcompile.c CVE-2022-1586 pcre2: Out-of-bounds read in getrecursedatalength in...

openSUSE 16 Security Update : dovecot24 (openSUSE-SU-2025-20113-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025-20113-1 advisory. - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with same cache key when auth cache was enabled bsc1252839 - Changes - auth: Remove...

Fedora 42 : pcre2 (2025-5905c468d2)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-5905c468d2 advisory. Fix for CVE-2025-58050 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Ubuntu 25.04 : PCRE2 vulnerability (USN-7777-1)

The remote Ubuntu 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7777-1 advisory. It was discovered that PCRE2 incorrectly handled the Scan SubString verb. An attacker could possibly use this issue to cause applications using PCRE2 to expose...

UBUNTU-CVE-2025-58050

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...

CVE-2025-58050 PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...

SUSE CVE-2015-3217

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service stack-based buffer overflow via a crafted regular expression, as demonstrated by /^?:?1\.|^\\W?++$/...

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

...

UBUNTU-CVE-2022-1586

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the pcre2jitcompile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...

PT-2022-6592 · Pcre2 +8 · Pcre2 +8

Name of the Vulnerable Software and Affected Versions: PCRE2 affected versions not specified Description: The issue is related to an out-of-bounds read vulnerability in the PCRE2 library, specifically in the get recurse data length function of the pcre2 jit compile.c file. This vulnerability...