VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 18, 2023· Updated Oct 28, 2024

CVE-2022-41409

CVE-2022-41409

Description

In pcre2test before version 10.41, a negative repeat value triggers an integer overflow, causing indefinite looping and denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In pcre2test before version 10.41, a negative repeat value triggers an integer overflow, causing indefinite looping and denial of service.

Vulnerability

A vulnerability exists in pcre2test (bundled with PCRE2) prior to version 10.41. When processing a subject line containing a negative repeat value (e.g., {-10}), the code at line 6860 in pcre2test.c miscalculates buffer size due to integer overflow, leading to an infinite loop. The issue is triggered by passing a negative number to the repeat quantifier pattern.

Exploitation

An attacker can cause denial of service by providing a crafted input file to pcre2test that includes a negative repeat value. No special privileges or authentication are required; the attack is performed locally by supplying the malformed input file. The tool enters an infinite loop while resizing the dbuffer, resulting in indefinite hang or resource exhaustion.

Impact

Successful exploitation results in a denial of service (DoS) condition: pcre2test hangs indefinitely, consuming CPU and memory. Although the description mentions "other unspecified impacts", no other consequences are documented in the references. The tool is typically used for testing PCRE2 patterns, so the impact is limited to disruption of testing operations.

Mitigation

The vulnerability is fixed in commit 94e1c001761373b7d9450768aa15d04c25547a35, which was included in PCRE2 version 10.41 and later. The fix adds bounds checking: if (i-- <= 0) and reports "Zero or negative repeat not allowed". Users should upgrade to PCRE2 10.41 or later. No workaround is available. The issue is not listed in CISA's Known Exploited Vulnerabilities (KEV).

[1] [2]

References
  1. [Bug report] Endless looping in pcre2test (v10.41, commit id:3a1ad4 )
  2. Diagnose negative repeat value in pcre2test subject line · PCRE2Project/pcre2@94e1c00

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

17

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"An integer overflow vulnerability exists in pcre2test when processing negative input for repeat counts."

Attack vector

An attacker can provide a negative number as a repeat count in the subject line of a pcre2test input file. This negative input is not properly diagnosed, leading to an infinite loop within the pcre2test utility. The vulnerability is triggered by crafting specific test cases that include malformed repeat specifiers.

Affected code

The vulnerability is located in the pcre2test utility, specifically within the code that parses and processes repeat counts in test subject lines. The relevant change is in the comparison `if (i-- == 0)` which was modified to `if (i-- <= 0)` to handle negative repeat values [ref_id=1].

What the fix does

The patch modifies the condition that checks for zero repeat counts to also include negative values. Previously, the code `if (i-- == 0)` only checked for zero. The updated condition `if (i-- <= 0)` now correctly identifies and rejects both zero and negative repeat counts, preventing the infinite loop and diagnosing the issue with the message '** Zero or negative repeat not allowed ' [ref_id=1].

Preconditions

  • inputThe attacker must be able to control or influence the input provided to the pcre2test utility, specifically the repeat counts within test subject lines.

Generated on Jun 7, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

1