ALPINE-CVE-2022-1586

ALPINE-CVE-2022-1586 PUBLISHED CVSS 9.100000381469727 CRITICAL

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.23	pcre2	10.39-r0, 0, 10.21-r0
Alpine:v3.20	pcre2	10.30-r0, 10.39-r0, 10.38-r1
Alpine:v3.18	pcre2	10.38-r1, 10.38-r0, 10.36-r0
Alpine:v3.14	pcre2	10.35-r0, 10.36-r0, 10.23-r0
Alpine:v3.13	pcre2	10.34-r0, 0, 10.21-r0
Alpine:v3.22	pcre2	10.38-r1, 10.38-r0, 10.37-r0
Alpine:v3.16	pcre2	10.38-r1, 0, 10.21-r0
Alpine:v3.15	pcre2	10.39-r0, 0, 10.21-r0
Alpine:v3.19	pcre2	10.32-r0, 10.21-r0, 10.22-r0
Alpine:v3.21	pcre2	0, 10.39-r0, 10.38-r1
Alpine:v3.17	pcre2	10.39-r0, 0, 10.21-r0

Timeline

May 16, 2022 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2022-1586 advisory

Open in Interactive Console →