Bug 1213514 (CVE-2022-41409)

Summary: VUL-0: CVE-2022-41409: pcre,pcre2: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.
Product: [Novell Products] SUSE Security Incidents Reporter: Stoyan Manolov <stoyan.manolov>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: pmonrealgonzalez, security-team, thomas.leroy
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/372815/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-41409:5.9:(AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Stoyan Manolov 2023-07-20 12:23:11 UTC 
CVE-2022-41409

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to
cause a denial of service or other unspecified impacts via negative input.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41409
https://www.cve.org/CVERecord?id=CVE-2022-41409
https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
https://github.com/PCRE2Project/pcre2/issues/141
Comment 4 Pedro Monreal Gonzalez 2023-07-21 09:31:37 UTC 
pcre2 with version 10.x is affected. Note that, this is an infinite loop in the CLI tool, so there is no real security impact.

pcre with version 8.x doesn't seem to be affected by this CVE.
Comment 6 Thomas Leroy 2023-07-21 12:09:29 UTC 
(In reply to Pedro Monreal Gonzalez from comment #4)
> pcre2 with version 10.x is affected. Note that, this is an infinite loop in
> the CLI tool, so there is no real security impact.
> 
> pcre with version 8.x doesn't seem to be affected by this CVE.

I agree with you. There is a similar loop in in pcre/pcretest.c:

while (dbuffer == NULL || (size_t)len >= dbuffer_size)
      {
      dbuffer_size *= 2;
      dbuffer = (pcre_uint8 *)realloc(dbuffer, dbuffer_size * CHAR_SIZE);
      if (dbuffer == NULL)
        {
        fprintf(stderr, "pcretest: realloc(%d) failed\n", (int)dbuffer_size);
        exit(1);
        }
      }

But as far as I see, (size_t)len can't be arbitrary set to 2^64.
Comment 7 Maintenance Automation 2023-08-07 16:30:19 UTC 
SUSE-SU-2023:3210-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213514
CVE References: CVE-2022-41409
Sources used:
SUSE Manager Proxy 4.2 (src): pcre2-10.31-150000.3.15.1
SUSE Manager Retail Branch Server 4.2 (src): pcre2-10.31-150000.3.15.1
SUSE Manager Server 4.2 (src): pcre2-10.31-150000.3.15.1
SUSE Linux Enterprise Micro 5.1 (src): pcre2-10.31-150000.3.15.1
SUSE Linux Enterprise Micro 5.2 (src): pcre2-10.31-150000.3.15.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): pcre2-10.31-150000.3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Maintenance Automation 2023-08-16 08:31:23 UTC 
SUSE-SU-2023:3328-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213514
CVE References: CVE-2022-41409
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): pcre2-10.34-1.13.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): pcre2-10.34-1.13.1
SUSE Linux Enterprise Server 12 SP5 (src): pcre2-10.34-1.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): pcre2-10.34-1.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Maintenance Automation 2023-08-16 08:31:25 UTC 
SUSE-SU-2023:3327-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213514
CVE References: CVE-2022-41409
Sources used:
openSUSE Leap 15.4 (src): pcre2-10.39-150400.4.9.1
openSUSE Leap Micro 5.3 (src): pcre2-10.39-150400.4.9.1
openSUSE Leap Micro 5.4 (src): pcre2-10.39-150400.4.9.1
openSUSE Leap 15.5 (src): pcre2-10.39-150400.4.9.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): pcre2-10.39-150400.4.9.1
SUSE Linux Enterprise Micro 5.3 (src): pcre2-10.39-150400.4.9.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): pcre2-10.39-150400.4.9.1
SUSE Linux Enterprise Micro 5.4 (src): pcre2-10.39-150400.4.9.1
Basesystem Module 15-SP4 (src): pcre2-10.39-150400.4.9.1
Basesystem Module 15-SP5 (src): pcre2-10.39-150400.4.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.