{"id":"CVE-2022-41409","details":"Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.","modified":"2026-04-12T03:22:16.472707Z","published":"2023-07-18T14:15:12.197Z","related":["SUSE-SU-2023:3210-1","SUSE-SU-2023:3327-1","SUSE-SU-2023:3328-1"],"references":[{"type":"FIX","url":"https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35"},{"type":"EVIDENCE","url":"https://github.com/PCRE2Project/pcre2/issues/141"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pcre2project/pcre2","events":[{"introduced":"0"},{"fixed":"7c49b40e8aed10cc2667dd3c4b7bb692d13ade2a"},{"fixed":"94e1c001761373b7d9450768aa15d04c25547a35"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.41"}]}}],"versions":["pcre2-10.38","pcre2-10.38-RC1","pcre2-10.39","pcre2-10.40"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41409.json","vanir_signatures":[{"source":"https://github.com/pcre2project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2022-41409-0118e1b8","target":{"file":"src/pcre2test.c"},"digest":{"threshold":0.9,"line_hashes":["62489852517137625250442895310532729877","201713021635601015043319097914336087915","322293490913182853245187905827756638256","207896007219727419804105114721414926380","252707345794246848607483269209822253197","132236701326433796789918249164278653346"]}},{"source":"https://github.com/pcre2project/pcre2/commit/7c49b40e8aed10cc2667dd3c4b7bb692d13ade2a","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2022-41409-7b620d9d","target":{"file":"src/pcre2_compile.c","function":"pcre2_code_free"},"digest":{"function_hash":"291611100143254405593915313093031444199","length":539}},{"source":"https://github.com/pcre2project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2022-41409-9947a8ff","target":{"file":"src/pcre2test.c","function":"process_data"},"digest":{"function_hash":"337203437419393383331572633756157855685","length":30670}},{"source":"https://github.com/pcre2project/pcre2/commit/7c49b40e8aed10cc2667dd3c4b7bb692d13ade2a","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2022-41409-c4580d87","target":{"file":"src/pcre2_compile.c"},"digest":{"threshold":0.9,"line_hashes":["117830070775128279011952155861404518978","301724993596358088212685145666150882560","39920358135339226743147736293932035663","71557052945412493880793540225677577445"]}}],"vanir_signatures_modified":"2026-04-12T03:22:16Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}