CVE-2022-1587 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Affected Products (NVD)

Vendor	Product	Version
pcre	pcre2	𝑥 < 10.40
redhat	enterprise_linux	9.0
netapp	active_iq_unified_manager	-
netapp	hci_management_node	-
netapp	ontap_select_deploy_administration_utility	-
netapp	solidfire	-
netapp	h300s_firmware	-
netapp	h500s_firmware	-
netapp	h700s_firmware	-
netapp	h410s_firmware	-
netapp	h410c_firmware	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pcre2

bookworm	10.42-1 fixed
bullseye	10.36-2+deb11u1 fixed
sid	10.42-4 fixed
stretch	no-dsa
trixie	10.42-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

pcre2

bionic	Fixed 10.31-2ubuntu0.1~esm1 released
focal	Fixed 10.34-7ubuntu0.1 released
impish	ignored
jammy	Fixed 10.39-3ubuntu0.1 released
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

libpcre2-16-0

suse enterprise desktop 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise desktop 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise desktop 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	10.42-150600.1.26 fixed
suse enterprise desktop 15 SP7	10.42-150600.1.26 fixed
suse enterprise sap 15	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise sap 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise sap 15 SP6	10.42-150600.1.26 fixed
suse enterprise sap 15 SP7	10.42-150600.1.26 fixed
suse enterprise server 12 SP3	10.34-1.10.1 fixed
suse enterprise server 12 SP4	10.34-1.10.1 fixed
suse enterprise server 12 SP5	10.34-1.10.1 fixed
suse enterprise server 15	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise server 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise server 15 SP6	10.42-150600.1.26 fixed
suse enterprise server 15 SP7	10.42-150600.1.26 fixed

libpcre2-32-0

suse enterprise desktop 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise desktop 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise desktop 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	10.42-150600.1.26 fixed
suse enterprise desktop 15 SP7	10.42-150600.1.26 fixed
suse enterprise sap 15	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise sap 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise sap 15 SP6	10.42-150600.1.26 fixed
suse enterprise sap 15 SP7	10.42-150600.1.26 fixed
suse enterprise server 12 SP3	10.34-1.10.1 fixed
suse enterprise server 12 SP4	10.34-1.10.1 fixed
suse enterprise server 12 SP5	10.34-1.10.1 fixed
suse enterprise server 15	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise server 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise server 15 SP6	10.42-150600.1.26 fixed
suse enterprise server 15 SP7	10.42-150600.1.26 fixed

libpcre2-8-0

suse enterprise desktop 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise desktop 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise desktop 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	10.42-150600.1.26 fixed
suse enterprise desktop 15 SP7	10.42-150600.1.26 fixed
suse enterprise sap 15	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise sap 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise sap 15 SP6	10.42-150600.1.26 fixed
suse enterprise sap 15 SP7	10.42-150600.1.26 fixed
suse enterprise server 12 SP3	10.34-1.10.1 fixed
suse enterprise server 12 SP4	10.34-1.10.1 fixed
suse enterprise server 12 SP5	10.34-1.10.1 fixed
suse enterprise server 15	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise server 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise server 15 SP6	10.42-150600.1.26 fixed
suse enterprise server 15 SP7	10.42-150600.1.26 fixed

libpcre2-8-0-32bit

suse enterprise desktop 15 SP6	10.42-150600.1.26 fixed
suse enterprise desktop 15 SP7	10.42-150600.1.26 fixed
suse enterprise sap 15 SP6	10.42-150600.1.26 fixed
suse enterprise sap 15 SP7	10.42-150600.1.26 fixed
suse enterprise server 15 SP6	10.42-150600.1.26 fixed
suse enterprise server 15 SP7	10.42-150600.1.26 fixed

libpcre2-posix2

suse enterprise desktop 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise desktop 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise desktop 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise sap 15	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise sap 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise server 12 SP3	10.34-1.10.1 fixed
suse enterprise server 12 SP4	10.34-1.10.1 fixed
suse enterprise server 12 SP5	10.34-1.10.1 fixed
suse enterprise server 15	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise server 15 SP5	10.39-150400.4.6.1 fixed

libpcre2-posix3

suse enterprise desktop 15 SP6	10.42-150600.1.26 fixed
suse enterprise desktop 15 SP7	10.42-150600.1.26 fixed
suse enterprise sap 15 SP6	10.42-150600.1.26 fixed
suse enterprise sap 15 SP7	10.42-150600.1.26 fixed
suse enterprise server 15 SP6	10.42-150600.1.26 fixed
suse enterprise server 15 SP7	10.42-150600.1.26 fixed

pcre2-devel

suse enterprise desktop 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise desktop 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise desktop 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise desktop 15 SP6	10.42-150600.1.26 fixed
suse enterprise desktop 15 SP7	10.42-150600.1.26 fixed
suse enterprise sap 15	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise sap 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise sap 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise sap 15 SP6	10.42-150600.1.26 fixed
suse enterprise sap 15 SP7	10.42-150600.1.26 fixed
suse enterprise server 15	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP1	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP2	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP3	10.31-150000.3.12.1 fixed
suse enterprise server 15 SP4	10.39-150400.4.6.1 fixed
suse enterprise server 15 SP5	10.39-150400.4.6.1 fixed
suse enterprise server 15 SP6	10.42-150600.1.26 fixed
suse enterprise server 15 SP7	10.42-150600.1.26 fixed

pcre2-tools

suse enterprise desktop 15 SP6	10.42-150600.1.26 fixed
suse enterprise desktop 15 SP7	10.42-150600.1.26 fixed
suse enterprise sap 15 SP6	10.42-150600.1.26 fixed
suse enterprise sap 15 SP7	10.42-150600.1.26 fixed
suse enterprise server 15 SP6	10.42-150600.1.26 fixed
suse enterprise server 15 SP7	10.42-150600.1.26 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

pcre2

RHEL 9

0:10.37-5.el9_0

fixed

pcre2-devel

RHEL 9

0:10.37-5.el9_0

fixed

pcre2-syntax

RHEL 9

0:10.37-5.el9_0

fixed

pcre2-utf16

RHEL 9

0:10.37-5.el9_0

fixed

pcre2-utf32

RHEL 9

0:10.37-5.el9_0

fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C

https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0

https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/

https://security.netapp.com/advisory/ntap-20221028-0009/

https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C

https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0

https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/

https://security.netapp.com/advisory/ntap-20221028-0009/