The PCRE2 library, which implements regular expression pattern matching in C, has a medium-severity vulnerability identified as CVE-2025-58050. In version 10.45, a heap-buffer-overflow read exists specifically in the handling of the (*scs:...) (Scan SubString) verb when it is combined with (*ACCEPT). This vulnerability may lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way the attacker can observe.
The CVSS score of 6.9 indicates that this vulnerability poses a moderate risk to organizations that utilize the affected PCRE2 library. Organizations should address this vulnerability in their patch cycle as it could be exploited to reveal sensitive information.
The vulnerability has been resolved in version 10.46 of the PCRE2 library. Since this issue has the potential to affect the integrity of applications using this library, it is crucial for organizations to prioritize patching immediately.
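As an added defender-side check (example code written here, not part of this advisory or of the PCRE2 project), the script below classifies the linked library's version string against the affected 10.45 and fixed 10.46 releases named above, and flags patterns in a constructed inventory that combine a scan-substring verb with (*ACCEPT). The version-string format, the sample patterns and the textual verb heuristic are assumptions.

```python
import re

AFFECTED_VERSION = (10, 45)  # release named as affected in the advisory
FIXED_VERSION = (10, 46)     # release in which CVE-2025-58050 is resolved

# Assumed verb spellings: (*scs:...) and its long form (*scan_substring:...),
# and (*ACCEPT) with an optional :NAME argument. Textual only: escaped or
# commented occurrences are not disambiguated, so hits are review candidates.
SCS_VERB = re.compile(r"\(\*(?:scs|scan_substring):")
ACCEPT_VERB = re.compile(r"\(\*ACCEPT(?::[^)]*)?\)")


def parse_pcre2_version(version_str):
    """Parse a version string such as "10.45 2025-02-05" (the assumed shape of
    pcre2_config(PCRE2_CONFIG_VERSION) output) or the bare "10.45" printed by
    `pcre2-config --version` into a (major, minor) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)", version_str)
    if not m:
        raise ValueError(f"unrecognised PCRE2 version string: {version_str!r}")
    return int(m.group(1)), int(m.group(2))


def version_status(version_str):
    """'affected' for 10.45, 'fixed' for 10.46 and later, otherwise
    'not named' (the advisory names only 10.45 as affected)."""
    version = parse_pcre2_version(version_str)
    if version >= FIXED_VERSION:
        return "fixed"
    if version == AFFECTED_VERSION:
        return "affected"
    return "not named"


def uses_affected_verbs(pattern):
    """True when the pattern contains both a scan-substring verb and (*ACCEPT),
    the combination the advisory describes."""
    return bool(SCS_VERB.search(pattern)) and bool(ACCEPT_VERB.search(pattern))


def triage(version_str, patterns):
    """Return the patterns that warrant review on the given library version."""
    if version_status(version_str) == "fixed":
        return []
    return [p for p in patterns if uses_affected_verbs(p)]


# Constructed sample inventory; only the second entry combines both verbs.
SAMPLE_PATTERNS = [
    r"^(?<user>\w+)@(?<host>[\w.]+)$",
    r"(?<n>\d+)(*scs:(n)\d\d)(*ACCEPT)",
    r"(*scs:(1)abc)def",
    r"(?:foo|bar)(*ACCEPT:done)",
]

if __name__ == "__main__":
    for pattern in triage("10.45 2025-02-05", SAMPLE_PATTERNS):
        print("review:", pattern)
```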
Although this vulnerability is not classified as high-profile and has no known exploits associated with it, organizations should still remain vigilant and ensure their systems are updated to the latest version to mitigate potential risks.
In summary, while the immediate threat may seem low due to the absence of known exploits, the potential for information disclosure warrants attention.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.