Heap Buffer Overflow in PCRE2 Library Affects Regular Expression Processing
CVE-2025-58050

6.9MEDIUM

Key Information:

Vendor

Pcre2project

Status
Pcre2
Vendor
CVE Published:
27 August 2025

What is CVE-2025-58050?

A heap-buffer-overflow read vulnerability has been identified in the PCRE2 library, specifically impacting the regular expression matching functionality. This issue arises during the handling of the (*scs:...) (Scan SubString) verb in conjunction with the (*ACCEPT) command. Exploiting this vulnerability may allow an attacker to read out-of-bounds data, which could potentially lead to information disclosure, observable through the alteration of the final match result. The problem has been addressed in version 10.46, ensuring improved security for users.

Affected Version(s)

pcre2 = 10.45

References

https://github.com/PCRE2Project/pcre2/security/advisories...
x_refsource_CONFIRM
https://github.com/PCRE2Project/pcre2/commit/a141712e5967...
x_refsource_MISC
https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-...
x_refsource_MISC

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-58050 : Heap Buffer Overflow in PCRE2 Library Affects Regular Expression Processing