Search for vulnerabilities
Vulnerability details: VCID-mp42-affv-aaad
Vulnerability ID VCID-mp42-affv-aaad
Aliases CVE-2022-1587
Summary An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Status Published
Exploitability 0.5
Weighted Severity 8.2
Risk 4.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-125 Out-of-bounds Read
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5251
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1587.json
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00255 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00255 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00303 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00303 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
epss 0.00656 https://api.first.org/data/v1/epss?cve=CVE-2022-1587
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2077983
cvssv3.1 8.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1587
cvssv3 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1587
cvssv3.1 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1587
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1587.json
https://api.first.org/data/v1/epss?cve=CVE-2022-1587
https://bugzilla.redhat.com/show_bug.cgi?id=2077983,
https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1587
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://security.netapp.com/advisory/ntap-20221028-0009/
1011954 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011954
2077983 https://bugzilla.redhat.com/show_bug.cgi?id=2077983
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre2:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2022-1587 https://nvd.nist.gov/vuln/detail/CVE-2022-1587
RHSA-2022:5251 https://access.redhat.com/errata/RHSA-2022:5251
USN-5627-1 https://usn.ubuntu.com/5627-1/
USN-USN-5627-2 https://usn.ubuntu.com/USN-5627-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1587.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1587
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1587
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1587
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.31416
EPSS Score 0.00114
Published At May 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.