{"id":"ALPINE-CVE-2022-1586","details":"An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.","modified":"2025-12-03T22:51:36.373567Z","published":"2022-05-16T21:15:07.793Z","upstream":["CVE-2022-1586"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2022-1586"}],"affected":[{"package":{"name":"pcre2","ecosystem":"Alpine:v3.13","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.36-r1"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.14","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.36-r1"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.15","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.40-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.16","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.40-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.17","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.40-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.18","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.40-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.19","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.40-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.20","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.40-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.21","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.40-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.40-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}},{"package":{"name":"pcre2","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/pcre2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.40-r0"}]}],"versions":["10.21-r0","10.22-r0","10.23-r0","10.23-r1","10.30-r0","10.31-r0","10.32-r0","10.32-r1","10.32-r2","10.33-r0","10.34-r0","10.34-r1","10.35-r0","10.35-r1","10.36-r0","10.37-r0","10.38-r0","10.38-r1","10.39-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1586.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}