Search for vulnerabilities
Vulnerability details: VCID-dt72-wk6f-aaam
Vulnerability ID VCID-dt72-wk6f-aaam
Aliases CVE-2022-1586
Summary An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Status Published
Exploitability 0.5
Weighted Severity 8.2
Risk 4.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-125 Out-of-bounds Read
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5251
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5809
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1586.json
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00286 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00364 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00364 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
epss 0.01601 https://api.first.org/data/v1/epss?cve=CVE-2022-1586
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2077976
cvssv3.1 8.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1586
cvssv3 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1586
cvssv3.1 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1586
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1586.json
https://api.first.org/data/v1/epss?cve=CVE-2022-1586
https://bugzilla.redhat.com/show_bug.cgi?id=2077976,
https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1586
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a,
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C
https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c
https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://security.netapp.com/advisory/ntap-20221028-0009/
1011954 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011954
2077976 https://bugzilla.redhat.com/show_bug.cgi?id=2077976
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2022-1586 https://nvd.nist.gov/vuln/detail/CVE-2022-1586
RHSA-2022:5251 https://access.redhat.com/errata/RHSA-2022:5251
RHSA-2022:5809 https://access.redhat.com/errata/RHSA-2022:5809
USN-5627-1 https://usn.ubuntu.com/5627-1/
USN-USN-5627-2 https://usn.ubuntu.com/USN-5627-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1586.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1586
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1586
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1586
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.49121
EPSS Score 0.00286
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.