2260814 – (CVE-2022-41409) CVE-2022-41409 pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop

Bug 2260814 (CVE-2022-41409) - CVE-2022-41409 pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop

Summary: CVE-2022-41409 pcre2: negative repeat value in a pcre2test subject line leads...

Keywords:
Status:	NEW
Alias:	CVE-2022-41409
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2260816
TreeView+	depends on / blocked

Reported:	2024-01-29 05:49 UTC by TEJ RATHI
Modified:	2024-02-26 06:18 UTC (History)
CC List:	2 users (show)
Fixed In Version:	pcre2 10.41
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2024-01-29 05:49:12 UTC

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

https://github.com/PCRE2Project/pcre2/issues/141
https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35

Comment 2 Lukas Javorsky 2024-02-13 11:56:47 UTC

Hi Tej,

Does the TRIAGE keyword in the Jira clones still apply?

Note You need to log in before you can comment on or make changes to this bug.