CVE-2025-58050: PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS

Published Aug 27, 2025
·
Updated

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (scs:...) (Scan SubString) verb when combined with (ACCEPT) in src/pcre2match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.

Affected Software

2 affected components
PCRE pcre2>=10.45<10.46
PCRE pcre2=10.45

Remediation

Patch Available

https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254

Event History

Aug 27, 2025
CVE Published
via MITRE·06:47 PM
Data Sourced
via MITRE·06:47 PM
DescriptionWeakness
Data Sourced
via NVD·07:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-58050?

CVE-2025-58050 is classified as a high severity vulnerability due to the heap-buffer-overflow read issue which can lead to potential exploitation.

2

How do I fix CVE-2025-58050?

To fix CVE-2025-58050, upgrade the PCRE2 library to version 10.46 or later, which addresses the vulnerability.

3

What impact does CVE-2025-58050 have on my system?

CVE-2025-58050 can lead to unauthorized access or manipulation of memory, potentially causing crashes or data leakage.

4

Which versions of PCRE2 are affected by CVE-2025-58050?

CVE-2025-58050 affects PCRE2 versions from 10.45 to 10.46 exclusive; therefore, it is critical to update from version 10.45.

5

Is CVE-2025-58050 related to regular expression processing?

Yes, CVE-2025-58050 is specifically linked to a vulnerability in the regular expression matching engine of the PCRE2 library.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203