1213514 – (CVE-2022-41409) VUL-0: CVE-2022-41409: pcre,pcre2: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

Bug 1213514 (CVE-2022-41409) - VUL-0: CVE-2022-41409: pcre,pcre2: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

Summary: VUL-0: CVE-2022-41409: pcre,pcre2: Integer overflow vulnerability in pcre2tes...

Status:	RESOLVED FIXED

Alias:	CVE-2022-41409

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/372815/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-41409:5.9:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-07-20 12:23 UTC by Stoyan Manolov
Modified:	2023-12-20 16:30 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stoyan Manolov 2023-07-20 12:23:11 UTC

CVE-2022-41409

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to
cause a denial of service or other unspecified impacts via negative input.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41409
https://www.cve.org/CVERecord?id=CVE-2022-41409
https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
https://github.com/PCRE2Project/pcre2/issues/141

Comment 4 Pedro Monreal Gonzalez 2023-07-21 09:31:37 UTC

pcre2 with version 10.x is affected. Note that, this is an infinite loop in the CLI tool, so there is no real security impact.

pcre with version 8.x doesn't seem to be affected by this CVE.

Comment 6 Thomas Leroy 2023-07-21 12:09:29 UTC

(In reply to Pedro Monreal Gonzalez from comment #4)
> pcre2 with version 10.x is affected. Note that, this is an infinite loop in
> the CLI tool, so there is no real security impact.
> 
> pcre with version 8.x doesn't seem to be affected by this CVE.

I agree with you. There is a similar loop in in pcre/pcretest.c:

while (dbuffer == NULL || (size_t)len >= dbuffer_size)
      {
      dbuffer_size *= 2;
      dbuffer = (pcre_uint8 *)realloc(dbuffer, dbuffer_size * CHAR_SIZE);
      if (dbuffer == NULL)
        {
        fprintf(stderr, "pcretest: realloc(%d) failed\n", (int)dbuffer_size);
        exit(1);
        }
      }

But as far as I see, (size_t)len can't be arbitrary set to 2^64.

Comment 7 Maintenance Automation 2023-08-07 16:30:19 UTC

SUSE-SU-2023:3210-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213514
CVE References: CVE-2022-41409
Sources used:
SUSE Manager Proxy 4.2 (src): pcre2-10.31-150000.3.15.1
SUSE Manager Retail Branch Server 4.2 (src): pcre2-10.31-150000.3.15.1
SUSE Manager Server 4.2 (src): pcre2-10.31-150000.3.15.1
SUSE Linux Enterprise Micro 5.1 (src): pcre2-10.31-150000.3.15.1
SUSE Linux Enterprise Micro 5.2 (src): pcre2-10.31-150000.3.15.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): pcre2-10.31-150000.3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Maintenance Automation 2023-08-16 08:31:23 UTC

SUSE-SU-2023:3328-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213514
CVE References: CVE-2022-41409
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): pcre2-10.34-1.13.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): pcre2-10.34-1.13.1
SUSE Linux Enterprise Server 12 SP5 (src): pcre2-10.34-1.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): pcre2-10.34-1.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Maintenance Automation 2023-08-16 08:31:25 UTC

SUSE-SU-2023:3327-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213514
CVE References: CVE-2022-41409
Sources used:
openSUSE Leap 15.4 (src): pcre2-10.39-150400.4.9.1
openSUSE Leap Micro 5.3 (src): pcre2-10.39-150400.4.9.1
openSUSE Leap Micro 5.4 (src): pcre2-10.39-150400.4.9.1
openSUSE Leap 15.5 (src): pcre2-10.39-150400.4.9.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): pcre2-10.39-150400.4.9.1
SUSE Linux Enterprise Micro 5.3 (src): pcre2-10.39-150400.4.9.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): pcre2-10.39-150400.4.9.1
SUSE Linux Enterprise Micro 5.4 (src): pcre2-10.39-150400.4.9.1
Basesystem Module 15-SP4 (src): pcre2-10.39-150400.4.9.1
Basesystem Module 15-SP5 (src): pcre2-10.39-150400.4.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.