CVE-2022-1586: PCRE2 library #5487
Comments
|
Hello, @darylmcnutt! Thank you so much for noticing and reporting it! 🚀 We are working on that in PR #5492. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While using the checkmarx\kics image, our trivy scans are detecting CVE-2022-1586 in the latest version of KICS (v1.5.10).
This CVE is related to the PCRE2 library:
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Submitting an issue for awareness and further investigation into KICS and potentially a patch.
The text was updated successfully, but these errors were encountered: