CVE-2022-41409: 
NixOS vulnerability analysis and mitigation

CVE-2022-41409 is an integer overflow vulnerability affecting pcre2test utility in PCRE2 versions before 10.41. The vulnerability was discovered in August 2022 and publicly disclosed on July 18, 2023. The issue affects the PCRE2 (Perl Compatible Regular Expressions) library, specifically its test utility component (NVD, Ubuntu).

The vulnerability occurs when processing negative repeat values in the pcre2test subject line. When a negative repeat value is provided as input, it can trigger an integer overflow condition that leads to infinite looping. The issue has a CVSS v3.1 Base Score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility with no privileges required (NVD).

The primary impact of this vulnerability is a denial of service condition through infinite looping. When exploited, it can cause the pcre2test utility to enter an endless loop, consuming system resources and potentially making the system unresponsive (PCRE2 Issue).

The vulnerability has been fixed in PCRE2 version 10.41 and later. The fix involves adding proper validation of repeat values to prevent negative inputs from causing infinite loops. Users should upgrade to version 10.41 or later to mitigate this vulnerability (PCRE2 Patch).