CVE-2022-1587

9.1 CRITICAL

📋 TL;DR

An out-of-bounds read vulnerability in the PCRE2 library's JIT compiler allows reading memory beyond allocated buffers during recursive regular expression processing. This affects any software that uses the PCRE2 library with JIT compilation enabled, potentially leading to information disclosure or application crashes.

💻 Affected Systems

Products:
  • PCRE2 library
  • Software using PCRE2 (nginx, PHP, Apache, various Linux utilities)
Versions: PCRE2 versions before 10.40
Operating Systems: Linux, Unix-like systems, Windows (if using PCRE2)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with JIT compilation enabled (default in many configurations).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution or sensitive information disclosure leading to complete system compromise.

🟠 Likely Case: Application crash (denial of service) or limited information disclosure from process memory.

🟢 If Mitigated: No impact if JIT compilation is disabled or proper memory protections are in place.

🌐 Internet-Facing: HIGH - Many web servers and applications use PCRE2 for regex processing of user input.
🏢 Internal Only: MEDIUM - Internal applications using PCRE2 could be affected but attack surface is smaller.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific regular expressions that trigger the recursion bug.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: PCRE2 10.40 and later

Vendor Advisory: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0

Restart Required: Yes

Instructions:

1. Update PCRE2 library to version 10.40 or later.
2. Recompile any software linked against PCRE2.
3. Restart affected services.

🔧 Temporary Workarounds

Disable JIT compilation

all

Disable PCRE2 JIT compilation to prevent exploitation of this vulnerability

For applications: Set PCRE2_NO_JIT=1 environment variable
For nginx: add 'pcre_jit off;' to configuration
For PHP: set 'pcre.jit=0' in php.ini

🧯 If You Can't Patch

  • Disable JIT compilation in all applications using PCRE2
  • Implement network segmentation to limit exposure of vulnerable systems

🔍 How to Verify

Check if Vulnerable:

Check the PCRE2 version with pcre2-config --version, or check the library version each application is linked against.

Check Version:

pcre2-config --version || strings /usr/lib/libpcre2*.so | grep '^PCRE2'

Verify Fix Applied:

Verify PCRE2 version is 10.40 or later and test with known malicious regex patterns
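
The version check and the nginx/PHP workaround settings above, combined into a scriptable triage. This is an added example, not part of the original advisory: the function names and sample configs are constructed, and it assumes PHP's built-in default of pcre.jit=1 and nginx's default of pcre_jit off.

```sh
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2022-1587.

# Succeeds when a PCRE2 version string is 10.40 or later, the fixed release.
# Handles "10.39", "10.42-DEV", "10.39 2021-10-29"; unparseable input fails.
pcre2_version_fixed() {
    printf '%s\n' "$1" | awk '
        match($0, /^[0-9]+\.[0-9]+/) {
            split(substr($0, RSTART, RLENGTH), v, /\./)
            ok = (v[1] + 0 > 10) || (v[1] + 0 == 10 && v[2] + 0 >= 40)
        }
        END { exit (ok ? 0 : 1) }'
}

# Succeeds when php.ini leaves the PCRE JIT enabled. The last uncommented
# pcre.jit line wins; with no such line the assumed default is 1 (enabled).
php_pcre_jit_enabled() {
    awk '
        BEGIN { val = "1" }
        /^[ \t]*pcre\.jit[ \t]*=/ {
            val = $0
            sub(/^[^=]*=/, "", val); sub(/;.*/, "", val); gsub(/[ \t"\r]/, "", val)
        }
        END { v = tolower(val)
              exit ((v == "0" || v == "off" || v == "false" || v == "no" || v == "") ? 1 : 0) }
    ' "$1"
}

# Succeeds when nginx.conf turns the JIT on explicitly (assumed default: off).
nginx_pcre_jit_enabled() {
    grep -Eq '^[[:space:]]*pcre_jit[[:space:]]+on[[:space:]]*;' "$1"
}

# Prints one verdict for a version string plus the two config files.
triage() {
    if pcre2_version_fixed "$1"; then echo "patched"; return; fi
    if php_pcre_jit_enabled "$2" || nginx_pcre_jit_enabled "$3"; then
        echo "vulnerable: JIT enabled"
    else
        echo "vulnerable: JIT disabled (workaround in place)"
    fi
}

# Constructed sample input: unpatched host, nginx hardened, php.ini workaround
# left commented out (so PHP still runs with the JIT enabled).
demo_dir=$(mktemp -d)
printf 'memory_limit = 128M\n;pcre.jit=0\n' > "$demo_dir/php.ini"
printf 'worker_processes 1;\npcre_jit off;\n' > "$demo_dir/nginx.conf"
triage "10.39" "$demo_dir/php.ini" "$demo_dir/nginx.conf"
rm -rf "$demo_dir"
```

On a real host, pass the output of pcre2-config --version and the paths of the live php.ini and nginx.conf to triage.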

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unusual regex processing patterns in logs

Network Indicators:

  • Unusually complex regular expressions in HTTP requests or other inputs

SIEM Query:

source="*" ("segmentation fault" OR "sigsegv") AND process="*pcre*"
