security-advisories@github.com reports:
The PCRE2 library is a set of C functions that implement regular
expression pattern matching. In version 10.45, a heap-buffer-overflow
read vulnerability exists in the PCRE2 regular expression matching
engine, specifically within the handling of the (*scs:...) (Scan
SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c.
This vulnerability may potentially lead to information disclosure
if the out-of-bounds data read during the memcmp affects the final
match result in a way observable by the attacker.
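
A conservative pre-filter for services that compile untrusted patterns while still linked against the affected 10.45 build, added here as an example (not code from PCRE2 or from the advisory). The function name is hypothetical and (*scan_substring: is assumed to be the long spelling of (*scs:; the filter rejects any pattern that contains both verbs outside backslash escapes and \Q...\E runs, and accepts false positives (for example inside character classes or comments).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True if the n-byte pattern has the literal `lit` at offset i. */
static bool at(const char *pat, size_t n, size_t i, const char *lit) {
    size_t l = strlen(lit);
    return i <= n && l <= n - i && memcmp(pat + i, lit, l) == 0;
}

/* Hypothetical helper: true when the pattern uses a scan-substring verb
   together with (*ACCEPT), the combination named in the advisory. */
bool pattern_uses_scs_with_accept(const char *pat, size_t n) {
    bool scs = false, accept = false, quoted = false;
    for (size_t i = 0; i < n; i++) {
        if (quoted) {                 /* inside \Q...\E everything is literal */
            if (at(pat, n, i, "\\E")) { quoted = false; i++; }
            continue;
        }
        if (pat[i] == '\\') {
            if (at(pat, n, i, "\\Q")) quoted = true;
            /* \cX consumes X even when X is a backslash, so skip two
               bytes there; any other escape hides only the next byte. */
            i += at(pat, n, i, "\\c") ? 2 : 1;
            continue;
        }
        if (at(pat, n, i, "(*scs:") || at(pat, n, i, "(*scan_substring:"))
            scs = true;
        else if (at(pat, n, i, "(*ACCEPT)") || at(pat, n, i, "(*ACCEPT:"))
            accept = true;
    }
    return scs && accept;
}

int main(void) {
    /* Constructed samples; "..." stands in for the verb body, as in the
       advisory's own notation. */
    const char *samples[] = { "a(*scs:...)b(*ACCEPT)",
                              "\\Q(*scs:\\E(*ACCEPT)", "(*ACCEPT)" };
    for (size_t k = 0; k < sizeof samples / sizeof *samples; k++)
        printf("%-24s %s\n", samples[k],
               pattern_uses_scs_with_accept(samples[k], strlen(samples[k]))
                   ? "REJECT" : "allow");
    return 0;
}
```

Call it on the raw pattern bytes before handing them to the compile step, and treat a true result as a rejection.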