[Buildroot] [PATCH] package/pcre2: security bump to version 10.46
Julien Olivain
ju.o at free.fr
Sun Sep 14 20:32:54 UTC 2025
On 14/09/2025 16:34, Peter Korsgaard wrote:
> Fixes the following security issue:
>
> - CVE-2025-58050: PCRE2: heap-buffer-overflow read in match_ref due to
> missing boundary restoration in SCS
>
> Compared to 10.45, this release has only a minimal code change to
> prevent a
> read-past-the-end memory error, of arbitrary length. An
> attacker-controlled
> regex pattern is required, and it cannot be triggered by providing
> crafted
> subject (match) text. The (*ACCEPT) and (*scs:) pattern features must
> be
> used together.
>
> Release 10.44 and earlier are not affected.
>
> https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Applied to master, thanks.
More information about the buildroot
mailing list