
CVE-2022-1587: Critical Vulnerability in PCRE2 Library

CVE-2022-1587 is a critical out-of-bounds read vulnerability in the PCRE2 library affecting multiple products. Organizations should prioritize patching immediately to mitigate risks associated with potential exploitation.

CRITICAL · CVSS 9.1 · Published May 16, 2022


An out-of-bounds read vulnerability was discovered in the PCRE2 library, in the get_recurse_data_length() function of the pcre2_jit_compile.c file. The issue affects recursions in JIT-compiled regular expressions and is caused by duplicate data transfers. With a CVSS score of 9.1, this vulnerability is classified as critical, indicating significant risk to organizations. Attackers may leverage it to read sensitive information from process memory or to disrupt availability.

The exploitation status is currently assessed as unknown, with no public exploits available. Organizations should prioritize patching immediately to mitigate risks associated with potential exploitation, especially given the critical nature of the vulnerability and its impacts on confidentiality and availability.

This vulnerability affects multiple products, including PCRE2 itself and the distributions that ship it (listed as enterprise_linux and fedora), and poses a real threat in networked environments. Immediate action is required on affected systems to prevent unauthorized information disclosure or application failures.

Organizations should assess their environments for the affected versions and deploy patches as they become available. Continuous monitoring and vulnerability management strategies will also be critical in reducing the risk associated with this and similar vulnerabilities.

Vulnerability Details

This vulnerability allows an out-of-bounds read in the PCRE2 library, specifically within the get_recurse_data_length() function of the pcre2_jit_compile.c file. The issue arises from improper handling of duplicate data transfers in JIT-compiled regular expressions. The CVSS score of 9.1 indicates that the vulnerability is critical, with high confidentiality and availability impacts.

The affected products include PCRE2, enterprise_linux, and fedora, among others. The vulnerability was published on May 16, 2022. It has been classified under CWE-125 (Out-of-bounds read).

Technical Analysis

The root cause of this vulnerability is an out-of-bounds read that occurs when the get_recurse_data_length() function does not properly validate data length during recursion. The CVSS vector is network-based, with low attack complexity and no privileges or user interaction required. Because the flaw sits in the JIT compiler, only applications that JIT-compile PCRE2 patterns exercise the affected code. The potential impact is significant, with high risks to confidentiality and availability.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive information due to the out-of-bounds read vulnerability. The potential blast radius is extensive, affecting multiple products across various environments. Given the critical CVSS score and the possibility of exploitation, organizations should address this vulnerability in their priority patch cycle.

Exploitation Status

Signal              Status
Known Exploit       No
Public PoC          No
Actively Exploited  No
Ransomware Use      No

Affected Versions

Affected versions include PCRE2 versions prior to 10.40, Red Hat Enterprise Linux 9.0, and Fedora 35 and 36. Multiple NetApp products are also vulnerable. Organizations should upgrade to PCRE2 10.40 or later, or apply the patches their vendor provides.
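As an added example (not code from the original page or from the PCRE2 project), the following Python helper turns the version rule above into a host check: it parses the output of `pcre2test -C` (the line layout is an assumption about that tool) and flags builds below 10.40 that also have the JIT compiler built in, since the flawed function lives in pcre2_jit_compile.c.

```python
# Triage helper for CVE-2022-1587, added as an example (not AppSecure's or the
# PCRE2 project's code): is this PCRE2 build in the affected range (< 10.40),
# and is the JIT compiler, home of the flawed get_recurse_data_length(), built in?
import re
import shutil
import subprocess
from typing import Optional

FIXED_VERSION = (10, 40)  # first release outside the affected range


def parse_pcre2test_output(text: str) -> dict:
    """Pull version and JIT availability out of `pcre2test -C` output. The line
    layout ("PCRE2 version X.Y ..." / "Just-in-time compiler support: ...")
    is assumed from the pcre2test tool."""
    m = re.search(r"PCRE2 version (\d+)\.(\d+)", text)
    if m is None:
        raise ValueError("no 'PCRE2 version' line in pcre2test output")
    version = (int(m.group(1)), int(m.group(2)))
    jit = re.search(r"Just-in-time compiler support:\s*(\w+)", text)
    jit_available = jit is not None and jit.group(1).lower() == "available"
    return {"version": version, "jit": jit_available}


def assess(info: dict) -> str:
    """Map the parsed build facts to a triage verdict for this CVE."""
    if info["version"] >= FIXED_VERSION:
        return "not affected: PCRE2 %d.%d is 10.40 or later" % info["version"]
    if not info["jit"]:
        return ("affected version, but built without JIT: the flawed "
                "pcre2_jit_compile.c code path is absent; upgrade anyway")
    return "AFFECTED: PCRE2 %d.%d with JIT enabled, patch now" % info["version"]


def check_local_build() -> Optional[str]:
    """Run the real pcre2test on this host, or return None if it is absent."""
    exe = shutil.which("pcre2test")
    if exe is None:
        return None
    proc = subprocess.run([exe, "-C"], capture_output=True, text=True, check=False)
    return assess(parse_pcre2test_output(proc.stdout))


# Constructed sample output in the assumed layout: an unpatched build with JIT.
SAMPLE_OUTPUT = """PCRE2 version 10.39 2021-10-29
Compiled with
  8-bit support
  Just-in-time compiler support: available
"""
```

Call `check_local_build()` on a host to get its verdict, or feed captured `pcre2test -C` output from fleet inventory into `parse_pcre2test_output()` and `assess()`.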

Mitigation & Remediation

Detection Guidance

Organizations should monitor application logs for unusual access patterns, crashes, or errors related to regular expression processing, since an out-of-bounds read in the JIT compiler can surface as faults in the process that compiles patterns. Behavioral anomalies in application performance may also indicate exploitation attempts. Where regular expression handling is reachable from the network, deploy network signatures to detect anomalous traffic that may indicate exploitation of this vulnerability.

AppSecure Threat Intelligence Insight

CVE-2022-1587 highlights the ongoing need for vigilance in software development and deployment. The pattern of vulnerabilities affecting widely used libraries like PCRE2 underscores the importance of maintaining up-to-date software and implementing robust security measures. Security teams should learn from this incident to enhance their vulnerability management programs, ensuring prompt identification and remediation of similar issues in the future.


Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
