Pcre2

By the Year

In 2022 there have been 2 vulnerabilities in Pcre2 with an average score of 9.1 out of ten. Pcre2 did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2022 as compared to last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2022 | 2 | 9.10 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.50 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Pcre2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Pcre2 Security Vulnerabilities

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file

CVE-2022-1586 9.1 - Critical - May 16, 2022

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a Unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Out-of-bounds Read

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file

CVE-2022-1587 9.1 - Critical - May 16, 2022

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Out-of-bounds Read

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode

CVE-2019-20454 7.5 - High - February 14, 2020

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

Out-of-bounds Read
